[jira] [Commented] (KAFKA-3688) Unable to start broker with sasl.mechanism.inter.broker.protocol=PLAIN

Tue, 10 May 2016 11:47:26 -0700 

    [ 
https://issues.apache.org/jira/browse/KAFKA-3688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15278669#comment-15278669
 ] 

Edoardo Comar commented on KAFKA-3688:
--------------------------------------

thanks [~rsivaram] it wasn't obvious how to express the jaas config

> Unable to start broker with sasl.mechanism.inter.broker.protocol=PLAIN
> ----------------------------------------------------------------------
>
>                 Key: KAFKA-3688
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3688
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.10.0.0
>            Reporter: Edoardo Comar
>
> Starting a single broker with the following configuration :
>  
> server.properties:
> listeners=SASL_PLAINTEXT://:9093
> sasl.enabled.mechanisms=PLAIN
> security.inter.broker.protocol=SASL_PLAINTEXT
> sasl.mechanism.inter.broker.protocol=PLAIN
> jaas.conf:
> KafkaServer {
>   org.apache.kafka.common.security.plain.PlainLoginModule required
>   serviceName="kafka"
>   user_edo1="edo1pwd"
>   user_edo2="edo2pwd"
>   user_superkuser="wotever";
> };
> KafkaClient {
>   org.apache.kafka.common.security.plain.PlainLoginModule required
>   serviceName="kafka"
>     username="superkuser"
>     password="wotever";
> };
> results in a broker startup failure “Failed to create SaslClient with 
> mechanism PLAIN” (see stack trace below).
> Note that this configuration was attempted to try working around the issue
> https://issues.apache.org/jira/browse/KAFKA-3687 
> (unable to use ACLs with security.inter.broker.protocol=PLAIN).
> [2016-05-10 16:54:10,730] INFO Failed to create channel due to  
> (org.apache.kafka.common.network.SaslChannelBuilder)
> org.apache.kafka.common.KafkaException: Failed to configure 
> SaslClientAuthenticator
>       at 
> org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:124)
>       at 
> org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:102)
>       at org.apache.kafka.common.network.Selector.connect(Selector.java:177)
>       at 
> org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:498)
>       at org.apache.kafka.clients.NetworkClient.ready(NetworkClient.java:159)
>       at 
> kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:59)
>       at 
> kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:232)
>       at 
> kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:181)
>       at 
> kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:180)
>       at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
> Caused by: org.apache.kafka.common.KafkaException: Failed to create 
> SaslClient with mechanism PLAIN
>       at 
> org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:139)
>       at 
> org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:122)
>       ... 9 more
> Caused by: javax.security.sasl.SaslException: Cannot get userid/password 
> [Caused by javax.security.auth.callback.UnsupportedCallbackException: Could 
> not login: the client is being asked for a password, but the Kafka client 
> code does not currently support obtaining a password from the user.]
>       at 
> com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157)
>       at 
> com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94)
>       at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372)
>       at 
> org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:135)
>       at 
> org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:1)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:415)
>       at 
> org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:130)
>       ... 10 more
> Caused by: javax.security.auth.callback.UnsupportedCallbackException: Could 
> not login: the client is being asked for a password, but the Kafka client 
> code does not currently support obtaining a password from the user.
>       at 
> org.apache.kafka.common.security.authenticator.SaslClientCallbackHandler.handle(SaslClientCallbackHandler.java:73)
>       at 
> com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:136)
>       ... 17 more
> discovered in collaboration with [~mimaison]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to