Hi I was trying to secure communication between ZK and Kafka. We generate the keytab file with principal
We were following this document - https://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption/ (really detailed doc) For Kafka - kafka/xx-xxxx-xx.xxxxx....@xxxxx.com<mailto:kafka/xx-xxxx-xx.xxxxx....@xxxxx.com> For ZK -zk//xx-xxxx-xx.xxxxx....@xxxxx.com <mailto:-zk/fq-arch-01.nhsrx....@nhsrx.com> (our IT expert was running into issue creating principal as in link, because of AD has 20 character limit) Since we running into issue, we enable SASL debug flag -Dsun.security.krb5.debug=true And see below error, I don't have in-depth knowledge about SASL, so wanted to check with group to see if they faced this issue. >>>KRBError: sTime is Wed Jan 18 09:46:12 CST 2017 1484754372000 suSec is 434552 error code is 24 error Message is Pre-authentication information was invalid sname is krbtgt/xxxxx....@xxxxx.com eData provided. msgType is 30 >>>Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 17, salt = XXXXX.COMzkxx-xxxx-xx.xxxxx.com, s2kparams = null PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null [2017-01-18 09:46:12,517] ERROR Unexpected exception, exiting abnormally (org.apache.zookeeper.server.quorum.QuorumPeerMain) java.io.IOException: Could not configure server because SASL configuration did not allow the ZooKeeper server to authenticate itself properly: javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) at org.apache.zookeeper.server.ServerCnxnFactory.configureSaslLogin(ServerCnxnFactory.java:207) at org.apache.zookeeper.server.NIOServerCnxnFactory.configure(NIOServerCnxnFactory.java:82) at org.apache.zookeeper.server.quorum.QuorumPeerMain.runFromConfig(QuorumPeerMain.java:130) at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:111) at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:78) Thanks, Shri ______________________________________________________________ Shrikant Patel | PDX-NHIN Enterprise Architecture Team Asserting the Role of Pharmacy in Healthcare www.pdxinc.com<http://www.pdxinc.com/> main 817.367.4302 101 Jim Wright Freeway South, Suite 200, Fort Worth, Texas 76108-2202<http://maps.google.com/maps?q=PDX,+Inc.&hl=en&sll=32.758696,-97.476397&sspn=0.006295,0.006295&filter=0&update=1&t=h&z=17&iwloc=A> P Please consider the environment before printing this email. This e-mail and its contents (to include attachments) are the property of National Health Systems, Inc., its subsidiaries and affiliates, including but not limited to Rx.com Community Healthcare Network, Inc. and its subsidiaries, and may contain confidential and proprietary or privileged information. If you are not the intended recipient of this e-mail, you are hereby notified that any unauthorized disclosure, copying, or distribution of this e-mail or of its attachments, or the taking of any unauthorized action based on information contained herein is strictly prohibited. Unauthorized use of information contained herein may subject you to civil and criminal prosecution and penalties. If you are not the intended recipient, please immediately notify the sender by telephone at 800-433-5719 or return e-mail and permanently delete the original e-mail.
