Re: SASL_PLAINTEXT Authentication/Connection failure

Fri, 16 Sep 2016 00:58:00 -0700 

Max,

I think there is a typo in your configuration. You intended admin password
to be admin-secret?

KafkaServer {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="admin"
   password="admin-secret"
   user_admin="alice-secret"  *=> Change to **"admin-secret"*
   user_alice="alice-secret";
};


Since your inter-broker security protocol is SASL_PLAINTEXT, the controller
uses SASL with the username "admin" and that connection is failing since
the server thinks the expected password is "alice-secret".



On Fri, Sep 16, 2016 at 8:43 AM, Max Bridgewater <max.bridgewa...@gmail.com>
wrote:

> Hi,
>
> I am trying to get SASL_PLAINTEXT or SASL_SSL to work. Sofar I am not
> successful. I posted the full story on SO:
> http://stackoverflow.com/questions/39521691/kafka-authentication-producer-
> unable-to-connect-producer
>
> Bottom line is, when I start the server in SASL_PLAINTEXT mode, the below
> exception keeps popping up in the logs. The first issue is that you see it
> only when you change log level to DEBUG, while in reality the server isn't
> in a functioning state. Should the error be printed at error level?
>
> Now, the real issue is I don't understand why this is happening. It seems
> the server is connecting to itself and trying to authenticate against
> itself and failing to do so. What is wrong in my configuration?
>
> In  server.properties, I have:
>
> isteners=SASL_PLAINTEXT://0.0.0.0:9092
> security.inter.broker.protocol=SASL_PLAINTEXT
> sasl.mechanism.inter.broker.protocol=PLAIN
> sasl.enabled.mechanisms=PLAIN
>
> Replacing 0.0.0.0 with localhost and 127.0.0.1 produces same result.
>
> I also have KAFKA_OPTS set to /home/kafka/kafka_client_jaas.conf. And the
> content of kafka_client_jaas.conf is:
>
> KafkaServer {
>    org.apache.kafka.common.security.plain.PlainLoginModule required
>    username="admin"
>    password="admin-secret"
>    user_admin="alice-secret"
>    user_alice="alice-secret";
> };
>
> No client is up. The only things I have up are ZK and the Kafka server.
> Here is the stack trace:
>
> 2016-09-15 22:06:09 DEBUG NetworkClient:496 - Initiating connection to node
> 0 at 0.0.0.0:9092.
> 2016-09-15 22:06:09 DEBUG Acceptor:52 - Accepted connection from /
> 127.0.0.1
> on /127.0.1.1:9092. sendBufferSize [actual|requested]: [102400|102400]
> recvBufferSize [actual|requested]: [102400|102400]
> 2016-09-15 22:06:09 DEBUG Processor:52 - Processor 0 listening to new
> connection from /127.0.0.1:59669
> 2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:204 - Set SASL client
> state to SEND_HANDSHAKE_REQUEST
> 2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:133 - Creating
> SaslClient: client=null;service=kafka;serviceHostname=0.0.0.0;mechs=
> [PLAIN]
> 2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:204 - Set SASL client
> state to RECEIVE_HANDSHAKE_RESPONSE
> 2016-09-15 22:06:09 DEBUG NetworkClient:476 - Completed connection to node
> 0
> 2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:269 - Set SASL server
> state to HANDSHAKE_REQUEST
> 2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:310 - Handle Kafka
> request SASL_HANDSHAKE
> 2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:354 - Using SASL
> mechanism 'PLAIN' provided by client
> 2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:269 - Set SASL server
> state to AUTHENTICATE
> 2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:204 - Set SASL client
> state to INITIAL
> 2016-09-15 22:06:09 DEBUG SaslClientAuthenticator:204 - Set SASL client
> state to INTERMEDIATE
> 2016-09-15 22:06:09 DEBUG SaslServerAuthenticator:269 - Set SASL server
> state to FAILED
> 2016-09-15 22:06:09 DEBUG Selector:345 - Connection with /127.0.0.1
> disconnected
> java.io.IOException: javax.security.sasl.SaslException: Authentication
> failed: Invalid JAAS configuration [Caused by
> javax.security.sasl.SaslException: Authentication failed: Invalid username
> or password]
>     at
> org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.
> authenticate(SaslServerAuthenticator.java:243)
>     at
> org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64)
>     at
> org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.
> java:318)
>     at org.apache.kafka.common.network.Selector.poll(Selector.java:283)
>     at kafka.network.Processor.poll(SocketServer.scala:472)
>     at kafka.network.Processor.run(SocketServer.scala:412)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.security.sasl.SaslException: Authentication failed:
> Invalid JAAS configuration [Caused by javax.security.sasl.SaslException:
> Authentication failed: Invalid username or password]
>     at
> org.apache.kafka.common.security.plain.PlainSaslServer.evaluateResponse(
> PlainSaslServer.java:101)
>     at
> org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.
> authenticate(SaslServerAuthenticator.java:228)
>     ... 6 more
> Caused by: javax.security.sasl.SaslException: Authentication failed:
> Invalid username or password
>     at
> org.apache.kafka.common.security.plain.PlainSaslServer.evaluateResponse(
> PlainSaslServer.java:98)
>     ... 7 more
> 2016-09-15 22:06:09 DEBUG Selector:345 - Connection with 0.0.0.0/0.0.0.0
> disconnected
> java.io.EOFException
>     at
> org.apache.kafka.common.network.NetworkReceive.readFromReadableChannel(
> NetworkReceive.java:83)
>     at
> org.apache.kafka.common.network.NetworkReceive.
> readFrom(NetworkReceive.java:71)
>     at
> org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.
> receiveResponseOrToken(SaslClientAuthenticator.java:239)
>     at
> org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.
> authenticate(SaslClientAuthenticator.java:182)
>     at
> org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:64)
>     at
> org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.
> java:318)
>     at org.apache.kafka.common.network.Selector.poll(Selector.java:283)
>     at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:260)
>     at
> kafka.utils.NetworkClientBlockingOps$.recursivePoll$1(
> NetworkClientBlockingOps.scala:111)
>     at
> kafka.utils.NetworkClientBlockingOps$.kafka$utils$
> NetworkClientBlockingOps$$pollUntil$extension(NetworkClientBlockingOps.
> scala:120)
>     at
> kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(
> NetworkClientBlockingOps.scala:59)
>     at
> kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.
> scala:232)
>     at
> kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.
> scala:181)
>     at
> kafka.controller.RequestSendThread.doWork(ControllerChannelManager.
> scala:180)
>     at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
> 2016-09-15 22:06:09 DEBUG NetworkClient:463 - Node 0 disconnected.
>
> Any thoughts?
>
> Thanks,
> Max.
>



-- 
Regards,

Rajini

Reply via email to