You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Edoardo Comar (JIRA)" <ji...@apache.org> on 2016/05/10 16:52:13 UTC

[jira] [Created] (KAFKA-3688) Unable to start broker with sasl.mechanism.inter.broker.protocol=PLAIN

Edoardo Comar created KAFKA-3688:
------------------------------------

             Summary: Unable to start broker with sasl.mechanism.inter.broker.protocol=PLAIN
                 Key: KAFKA-3688
                 URL: https://issues.apache.org/jira/browse/KAFKA-3688
             Project: Kafka
          Issue Type: Bug
    Affects Versions: 0.10.0.0
            Reporter: Edoardo Comar


Starting a single broker with the following configuration :
 
server.properties:
listeners=SASL_PLAINTEXT://:9093
sasl.enabled.mechanisms=PLAIN
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=PLAIN

jaas.conf:
KafkaServer {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  serviceName="kafka"
  user_edo1="edo1pwd"
  user_edo2="edo2pwd"
  user_superkuser="wotever";
};


KafkaClient {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  serviceName="kafka"
    username="superkuser"
    password="wotever";
};


results in a broker startup failure “Failed to create SaslClient with mechanism PLAIN” (see stack trace below).

Note that this configuration was attempted to try working around the issue
https://issues.apache.org/jira/browse/KAFKA-3687 
(unable to use ACLs with security.inter.broker.protocol=PLAIN).


[2016-05-10 16:54:10,730] INFO Failed to create channel due to  (org.apache.kafka.common.network.SaslChannelBuilder)
org.apache.kafka.common.KafkaException: Failed to configure SaslClientAuthenticator
	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:124)
	at org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:102)
	at org.apache.kafka.common.network.Selector.connect(Selector.java:177)
	at org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:498)
	at org.apache.kafka.clients.NetworkClient.ready(NetworkClient.java:159)
	at kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:59)
	at kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:232)
	at kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:181)
	at kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:180)
	at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
Caused by: org.apache.kafka.common.KafkaException: Failed to create SaslClient with mechanism PLAIN
	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:139)
	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:122)
	... 9 more
Caused by: javax.security.sasl.SaslException: Cannot get userid/password [Caused by javax.security.auth.callback.UnsupportedCallbackException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.]
	at com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157)
	at com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94)
	at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372)
	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:135)
	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:1)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:415)
	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:130)
	... 10 more
Caused by: javax.security.auth.callback.UnsupportedCallbackException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.
	at org.apache.kafka.common.security.authenticator.SaslClientCallbackHandler.handle(SaslClientCallbackHandler.java:73)
	at com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:136)
	... 17 more


discovered in collaboration with [~mimaison]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)