Hi All,

We are using SASL for authentication between Kafka and ZK. Followed - https://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption/

We have 3 Kafka nodes; on each node, we have principal="kafka/server_no.xxx....@xxx.com". So:

On the first node, in kafka_server_jaas.conf, principal is set to principal="kafka/server1.xxx....@xxx.com"
On the second node, in kafka_server_jaas.conf, principal is set to principal="kafka/server2.xxx....@xxx.com"
On the third node, in kafka_server_jaas.conf, principal is set to principal="kafka/server3.xxx....@xxx.com"

When I run the ACL command from node 1, it is successful. It all works, but I cannot run ACL from the other 2 nodes. On the other 2 nodes it fails with this error:

[2017-03-31 18:44:38,629] ERROR Conditional update of path /kafka-acl/Topic/shri-topic with data {"version":1,"acls":[{"principal":"User:CN=xxxxxxx,OU=xxxx,O=xxxx,L=xxxxx,ST=xx,C=xx","permissionType":"Allow","operation":"Describe","host":"*"},{"principal":"User:CN=spatel-lt,OU=arch,O=pdx inc,L=fort worth,ST=tx,C=us","permissionType":"Allow","operation":"Write","host":"*"}]} and expected version 0 failed due to org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /kafka-acl/Topic/shri-topic (kafka.utils.ZkUtils)

When I look at the ZK kafka-acl node, it only has permission for the first node. I understand the reason it does not allow the others to run ACL, even though they have a valid keytab.

getAcl /kafka-acl
'world,'anyone : r
'sasl,'kafka/server1.xxx....@xxx.com : cdrwa

Is this a bug, or am I doing something wrong here?

Thanks,
Shri
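
Added example (not part of the original message): a small Python check that parses zkCli getAcl output like the one quoted above and reports which broker principals lack the write permission that a conditional update (setData) of the ACL znode needs. The realm and host names (example.test) and the function names are constructed placeholders.

```python
import re

# Permission letters as printed by zkCli getAcl:
# c=create, d=delete, r=read, w=write, a=admin
ACL_RE = re.compile(r"'(\w+),'(\S*)\s*:\s*([cdrwa]+)")

def parse_getacl(text):
    """Return [(scheme, id, perm_letters)] from getAcl output.
    Accepts both "id : perms" on one line and perms on the next line."""
    return [(s, i, set(p)) for s, i, p in ACL_RE.findall(text)]

def effective_perms(acl, principal):
    """Union of permissions granted to a SASL-authenticated principal.
    A 'sasl' entry matches only when its id equals the authenticated id."""
    granted = set()
    for scheme, ident, perms in acl:
        if (scheme, ident) == ("world", "anyone") or \
           (scheme == "sasl" and ident == principal):
            granted |= perms
    return granted

def denied_writers(acl, principals):
    """Principals that cannot setData on the znode (the NoAuth case)."""
    return [p for p in principals if "w" not in effective_perms(acl, p)]

# Constructed sample mirroring the ACL in the message, placeholder names.
SAMPLE = """'world,'anyone
: r
'sasl,'kafka/server1.example.test@EXAMPLE.TEST
: cdrwa
"""
BROKERS = [f"kafka/server{n}.example.test@EXAMPLE.TEST" for n in (1, 2, 3)]

if __name__ == "__main__":
    acl = parse_getacl(SAMPLE)
    for p in BROKERS:
        perms = "".join(c for c in "cdrwa" if c in effective_perms(acl, p))
        print(f"{p}: {perms}")
    print("cannot update ACL znode:", denied_writers(acl, BROKERS))
```

With the sample ACL, only the server1 principal gets cdrwa; server2 and server3 fall through to the world:anyone entry and are read-only.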