Edoardo Comar created KAFKA-3688:
------------------------------------
Summary: Unable to start broker with
sasl.mechanism.inter.broker.protocol=PLAIN
Key: KAFKA-3688
URL: https://issues.apache.org/jira/browse/KAFKA-3688
Project: Kafka
Issue Type: Bug
Affects Versions: 0.10.0.0
Reporter: Edoardo Comar
Starting a single broker with the following configuration :
server.properties:
listeners=SASL_PLAINTEXT://:9093
sasl.enabled.mechanisms=PLAIN
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
jaas.conf:
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
serviceName="kafka"
user_edo1="edo1pwd"
user_edo2="edo2pwd"
user_superkuser="wotever";
};
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
serviceName="kafka"
username="superkuser"
password="wotever";
};
results in a broker startup failure “Failed to create SaslClient with mechanism
PLAIN” (see stack trace below).
Note that this configuration was attempted to try working around the issue
https://issues.apache.org/jira/browse/KAFKA-3687
(unable to use ACLs with security.inter.broker.protocol=PLAIN).
[2016-05-10 16:54:10,730] INFO Failed to create channel due to
(org.apache.kafka.common.network.SaslChannelBuilder)
org.apache.kafka.common.KafkaException: Failed to configure
SaslClientAuthenticator
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:124)
at
org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:102)
at org.apache.kafka.common.network.Selector.connect(Selector.java:177)
at
org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:498)
at org.apache.kafka.clients.NetworkClient.ready(NetworkClient.java:159)
at
kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:59)
at
kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:232)
at
kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:181)
at
kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:180)
at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
Caused by: org.apache.kafka.common.KafkaException: Failed to create SaslClient
with mechanism PLAIN
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:139)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:122)
... 9 more
Caused by: javax.security.sasl.SaslException: Cannot get userid/password
[Caused by javax.security.auth.callback.UnsupportedCallbackException: Could not
login: the client is being asked for a password, but the Kafka client code does
not currently support obtaining a password from the user.]
at
com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157)
at
com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94)
at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:135)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:1)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:130)
... 10 more
Caused by: javax.security.auth.callback.UnsupportedCallbackException: Could not
login: the client is being asked for a password, but the Kafka client code does
not currently support obtaining a password from the user.
at
org.apache.kafka.common.security.authenticator.SaslClientCallbackHandler.handle(SaslClientCallbackHandler.java:73)
at
com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:136)
... 17 more
discovered in collaboration with [~mimaison]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
