[
https://issues.apache.org/jira/browse/KAFKA-2731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14987594#comment-14987594
]
Flavio Junqueira commented on KAFKA-2731:
-----------------------------------------
I don't think the need to be different, but you need to provide the zk server
config. The wiki page you pointed to is focusing on the kafka broker, which
doesn't need to know about the zk server configuration. That's why it is
omitting it.
> Kerberos on same host with Kafka does not find server in it's database on
> Ubuntu
> --------------------------------------------------------------------------------
>
> Key: KAFKA-2731
> URL: https://issues.apache.org/jira/browse/KAFKA-2731
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.9.0.0
> Reporter: Mohammad Abbasi
>
> Configuring Kafka to use keytab created in Kerberos, as it's said in
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61326390,
> Kerberos logs:
> Nov 02 17:25:13 myhost krb5kdc[3307](info): TGS_REQ (5 etypes {17 16 23 1 3})
> 192.168.18.241: LOOKING_UP_SERVER: authtime 0, kafka/myh...@a.org for
> <unknown server>, Server not found in Kerberos database
> Kafka's log:
> SASL Connection info:
> [2015-11-03 18:33:00,544] DEBUG creating sasl client:
> client=kafka/myh...@a.org;service=zookeeper;serviceHostname=myhost
> (org.apache.zookeeper.client.ZooKeeperSaslClient)
> and error:
> [2015-11-03 18:33:00,607] ERROR An error:
> (java.security.PrivilegedActionException: javax.security.sasl.SaslException:
> GSS initiate failed [Caused by GSSException: No valid credentials provided
> (Mechanism level: Server not found in Kerberos database (7) -
> LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's
> received SASL token. Zookeeper Client will go to AUTH_FAILED state.
> (org.apache.zookeeper.client.ZooKeeperSaslClient)
> [2015-11-03 18:33:00,607] ERROR SASL authentication with Zookeeper Quorum
> member failed: javax.security.sasl.SaslException: An error:
> (java.security.PrivilegedActionException: javax.security.sasl.SaslException:
> GSS initiate failed [Caused by GSSException: No valid credentials provided
> (Mechanism level: Server not found in Kerberos database (7) -
> LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's
> received SASL token. Zookeeper Client will go to AUTH_FAILED state.
> (org.apache.zookeeper.ClientCnxn)
> Kerberos works ok in kinit and kvno with the keytab.
> Some people said it's DNS or /etc/hosts problem, but nslookup was ok with ip
> and hostname
> and /etc/hosts is:
> 127.0.0.1 myhost localhost
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> I tested it with the host's ip too.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
