Re: NO SCRAM-SASL AUTHENTICATION BETWEEN KRAFT CONTROL NODES

Fri, 03 Nov 2023 08:45:46 -0700 

I haven't worked with KRaft controllers in SASL mode yet, but could I think
that the early.start.listeners might help here. (
https://kafka.apache.org/documentation/#brokerconfigs_early.start.listeners)
It was meant to indicate that these listeners are depending on data in the
cluster itself for bootstrapping.

Can you test specifying the controller in that setting?
early.start.listeners=CONTROLLER


Kind regards,


Richard Bosch

Developer Advocate

Axual BV

https://axual.com/


On Fri, Nov 3, 2023 at 4:03 PM Jesus Cea <j...@jcea.es> wrote:

> On 3/11/23 11:25, Daniele Carminati wrote:
> > But, when i try to enable SCRAM/SASL on controller -> controller
> > i get this error
> > [2023-11-03 09:05:02,134] INFO [SocketServer listenerType=CONTROLLER,
> > nodeId=1] Failed authentication with /192.168.1.34
> > (channelId=192.168.1.33:9093-192.168.1.34:56006-1304) (Authentication
> > failed during authentication due to invalid credentials with SASL
> mechanism
> > SCRAM-SHA-256) (org.apache.kafka.common.network.Selector)
> >
> >
> > NON WORKING KAFKA INTER CONTROLLER SCRAM CONFIGURATIONS
>
> I have the very same issue, as documented in an email to the mailing
> list at October, 27th.
>
> > WORKING  CONFIGURATIONS
> >
> > “kafka controller only node”
> > process.roles=controller
> > node.id=1
> > controller.quorum.voters=1@kraft-ct-1:9093,2@kraft-ct-2
> :9093,3@kraft-ct-3
> > :9093
> > listeners=CONTROLLER://kraft-ct-1:9093
> > controller.listener.names=CONTROLLER
> >
> listener.security.protocol.map=CONTROLLER:SSL,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL
> > listener.name.controller.ssl.client.auth=required
>
> I guess you are using here broker's X.509 client certificates for
> authentication (to the controllers) and that works fine?
>
> --
> Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
> j...@jcea.es - https://www.jcea.es/    _/_/    _/_/  _/_/    _/_/  _/_/
> Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
> jabber / xmpp:j...@jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
> "Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
> "My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
> "El amor es poner tu felicidad en la felicidad de otro" - Leibniz
>

Reply via email to