Mohammad Abbasi created KAFKA-2731: -------------------------------------- Summary: Kerberos on same host with Kafka does not find server in it's database on Ubuntu Key: KAFKA-2731 URL: https://issues.apache.org/jira/browse/KAFKA-2731 Project: Kafka Issue Type: Bug Affects Versions: 0.9.0.0 Reporter: Mohammad Abbasi
Configuring Kafka to use keytab created in Kerberos, as it's said in https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61326390, Kerberos logs: Nov 02 17:25:13 myhost krb5kdc[3307](info): TGS_REQ (5 etypes {17 16 23 1 3}) 192.168.18.241: LOOKING_UP_SERVER: authtime 0, kafka/myh...@a.org for <unknown server>, Server not found in Kerberos database Kafka's log: SASL Connection info: [2015-11-03 18:33:00,544] DEBUG creating sasl client: client=kafka/myh...@a.org;service=zookeeper;serviceHostname=myhost (org.apache.zookeeper.client.ZooKeeperSaslClient) and error: [2015-11-03 18:33:00,607] ERROR An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. Zookeeper Client will go to AUTH_FAILED state. (org.apache.zookeeper.client.ZooKeeperSaslClient) [2015-11-03 18:33:00,607] ERROR SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. Zookeeper Client will go to AUTH_FAILED state. (org.apache.zookeeper.ClientCnxn) Kerberos works ok in kinit and kvno with the keytab. Some people said it's DNS or /etc/hosts problem, but nslookup was ok with ip and hostname and /etc/hosts is: 127.0.0.1 myhost localhost # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters I tested it with the host's ip too. -- This message was sent by Atlassian JIRA (v6.3.4#6332)