On 3/11/23 16:45, Richard Bosch wrote:
> I haven't worked with KRaft controllers in SASL mode yet, but I think
> that the early.start.listeners might help here.
> (https://kafka.apache.org/documentation/#brokerconfigs_early.start.listeners)
> It was meant to indicate that these listeners are depending on data in the
> cluster itself for bootstrapping.
>
> Can you test specifying the controller in that setting?
> early.start.listeners=CONTROLLER

I would guess that it would make no sense, because the SCRAM authentication actually depends on the cluster metadata log, and the documentation says specifically "A listener should not appear in this list if it accepts external traffic". In fact, this socket should use ACLs, for your own good. So, that "early.start.listeners" would solve our issue would be quite puzzling.

That said, I have tried it anyway, just in case. The error in the log:

org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256

No luck.

This actually seems like a bug in Kafka 3.6.0.

Does anybody out there have a working SCRAM configuration between the controllers, using KRaft mode?

Thanks for the suggestion.

--
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
j...@jcea.es - https://www.jcea.es/    _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is placing your happiness in the happiness of another" - Leibniz
