Re: Cannot create topics when zookeeper.set.acl=true

Thu, 23 Aug 2018 04:51:02 -0700 

Hi,

I am not using kerberos only

Client {
   org.apache.kafka.common.security.plain.PlainLoginModule required
   username="user"
   password="user-secret";
};

Does that make a difference?

What do you mean with AdminClient API?

Regards Hans

Op do 23 aug. 2018 om 13:34 schreef Manikumar <manikumar.re...@gmail.com>:

> We can pass jaas conf by exporting below variable before starting the
> kafka-acls.sh script. another option is to use AdminClient API.
>
> export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf
> -Djava.security.auth.login.config=zk_client_jaas.conf"
>
> zk_client_jaas.conf:
> // Zookeeper client authentication
> Client {
> com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true
> storeKey=true
> keyTab="/etc/security/keytabs/kafka_server.keytab"
> principal="kafka/kafka1.hostname....@example.com";
> };
>
> On Thu, Aug 23, 2018 at 4:44 PM HG <hanspeter.sl...@gmail.com> wrote:
>
> > Hi,
> >
> > I searched for an option with which I can provide credentials but I did
> not
> > find them.
> > Is there another way to reach the same goal?
> > Regards Hans
> >
> > Op do 23 aug. 2018 om 13:00 schreef Manikumar <manikumar.re...@gmail.com
> >:
> >
> > > "kafka-acls.sh" script  communicates directly with zookeeper.
> > > We should run kafka-acls.sh as kafka user (super user) to get write
> > > permission on zk.
> > > We should pass required jaas conf to the script.
> > >
> > > On Thu, Aug 23, 2018 at 3:02 PM HG <hanspeter.sl...@gmail.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > I have an environment with SSL, SASL and ACL's enabled.
> > > > When I set zookeeper.set_acl=true in the server.properties file of
> the
> > > > brokers I cannot create topics , ACL's  etc.
> > > >
> > > > [root@host201 kafka]# bin/kafka-acls.sh --authorizer-properties
> > > > zookeeper.connect=localhost:2181 --add  --allow-principal User:admin
> > > > --operation All --topic '*' --cluster
> > > > Error while executing ACL command: KeeperErrorCode = NoAuth for
> > > > /kafka-acl/Topic
> > > > org.apache.zookeeper.KeeperException$NoAuthException:
> KeeperErrorCode =
> > > > NoAuth for /kafka-acl/Topic
> > > >         at
> > > > org.apache.zookeeper.KeeperException.create(KeeperException.java:113)
> > > >     ..
> > > > I have specified super users too in the server.properties.
> > > >
> > > > Any idea's what I am doing wrong?
> > > >
> > > > Regards Hans
> > > >
> > >
> >
>

Reply via email to