Hi,
I am trying to get SASL_PLAINTEXT or SASL_SSL to work. Sofar I am not
successful. I posted the full story on SO:
http://stackoverflow.com/questions/39521691/kafka-authentication-producer-unable-to-connect-producer
Bottom line is, when I start the server in SASL_PLAINTEXT mode, the below
exception keeps popping up in the logs. The first issue is that you see it
only when you change log level to DEBUG, while in reality the server isn't
in a functioning state. Should the error be printed at error level?
Now, the real issue is I don't understand why this is happening. It seems
the server is connecting to itself and trying to authenticate against
itself and failing to do so. What is wrong in my configuration?
In server.properties, I have:
isteners=SASL_PLAINTEXT://0.0.0.0:9092
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN
sasl.enabled.mechanisms=PLAIN
Replacing 0.0.0.0 with localhost and 127.0.0.1 produces same result.
I also have KAFKA_OPTS set to /home/kafka/kafka_client_jaas.conf. And the
content of kafka_client_jaas.conf is:
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="admin"
password="admin-secret"
user_admin="alice-secret"
user_alice="alice-secret";
};
No client is up. The only things I have up are ZK and the Kafka server.
Here is the stack trace:
2016-09-15 22:06:09 DEBUG NetworkClient:496 - Initiating connection to node
0 at 0.0.0.0:9092.
2016-09-15 22:06:09 DEBUG Acceptor:52 - Accepted connection from /127.0.0.1
on /127.0.1.1:9092. sendBufferSize [actual|requested]: [102400|102400]
recvBufferSize [actual|requested]: [102400|102400]
2016-09-15 22:06:09 DEBUG Processor:52 - Processor 0 listening to new
connection from /127.0.0.1:59669
2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:204 - Set SASL client
state to SEND_HANDSHAKE_REQUEST
2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:133 - Creating
SaslClient: client=null;service=kafka;serviceHostname=0.0.0.0;mechs=[PLAIN]
2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:204 - Set SASL client
state to RECEIVE_HANDSHAKE_RESPONSE
2016-09-15 22:06:09 DEBUG NetworkClient:476 - Completed connection to node 0
2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:269 - Set SASL server
state to HANDSHAKE_REQUEST
2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:310 - Handle Kafka
request SASL_HANDSHAKE
2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:354 - Using SASL
mechanism 'PLAIN' provided by client
2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:269 - Set SASL server
state to AUTHENTICATE
2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:204 - Set SASL client
state to INITIAL
2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:204 - Set SASL client
state to INTERMEDIATE
2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:269 - Set SASL server
state to FAILED
2016-09-15 22:06:09 DEBUG Selector:345 - Connection with /127.0.0.1
disconnected
java.io.IOException: javax.security.sasl.SaslException: Authentication
failed: Invalid JAAS configuration [Caused by
javax.security.sasl.SaslException: Authentication failed: Invalid username
or password]
at
org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.authenticate(SaslServerAuthenticator.java:243)
at
org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64)
at
org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:318)
at org.apache.kafka.common.network.Selector.poll(Selector.java:283)
at kafka.network.Processor.poll(SocketServer.scala:472)
at kafka.network.Processor.run(SocketServer.scala:412)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.SaslException: Authentication failed:
Invalid JAAS configuration [Caused by javax.security.sasl.SaslException:
Authentication failed: Invalid username or password]
at
org.apache.kafka.common.security.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:101)
at
org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.authenticate(SaslServerAuthenticator.java:228)
... 6 more
Caused by: javax.security.sasl.SaslException: Authentication failed:
Invalid username or password
at
org.apache.kafka.common.security.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:98)
... 7 more
2016-09-15 22:06:09 DEBUG Selector:345 - Connection with 0.0.0.0/0.0.0.0
disconnected
java.io.EOFException
at
org.apache.kafka.common.network.NetworkReceive.readFromReadableChannel(NetworkReceive.java:83)
at
org.apache.kafka.common.network.NetworkReceive.readFrom(NetworkReceive.java:71)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.receiveResponseOrToken(SaslClientAuthenticator.java:239)
at
org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.authenticate(SaslClientAuthenticator.java:182)
at
org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64)
at
org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:318)
at org.apache.kafka.common.network.Selector.poll(Selector.java:283)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:260)
at
kafka.utils.NetworkClientBlockingOps$.recursivePoll$1(NetworkClientBlockingOps.scala:111)
at
kafka.utils.NetworkClientBlockingOps$.kafka$utils$NetworkClientBlockingOps$$pollUntil$extension(NetworkClientBlockingOps.scala:120)
at
kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:59)
at
kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:232)
at
kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:181)
at
kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:180)
at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
2016-09-15 22:06:09 DEBUG NetworkClient:463 - Node 0 disconnected.
Any thoughts?
Thanks,
Max.
