You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "kaushik srinivas (Jira)" <ji...@apache.org> on 2021/03/23 11:31:00 UTC
[jira] [Updated] (KAFKA-12530) kafka-configs.sh does not work while
changing the sasl jaas configurations.
[ https://issues.apache.org/jira/browse/KAFKA-12530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
kaushik srinivas updated KAFKA-12530:
-------------------------------------
Description:
We are trying to use kafka-configs script to modify the sasl jaas configurations, but unable to do so.
Command used:
./kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=KafkaServer \{\n org.apache.kafka.common.security.plain.PlainLoginModule required \n username=\"test\" \n password=\"test\"; \n };'
error:
requirement failed: Invalid entity config: all configs to be added must be in the format "key=val".
command 2:
kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=[username=test,password=test]'
output:
command does not return , but kafka broker logs below error:
DEBUG", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.security.authenticator.SaslServerAuthenticator - Set SASL server state to FAILED during authentication"}}
{"type":"log", "host":"kf-kaudynamic-0", "level":"INFO", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.network.Selector - [SocketServer brokerId=1001] Failed authentication with /127.0.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.)"}}
We have below issues:
1. If one installs kafka broker with SASL mechanism and wants to change the SASL jaas config via kafka-configs scripts, how is it supposed to be done ? Is one supposed to provide kafka-configs script credentials to get authenticated with kafka broker ?
does kafka-configs needs client credentials to do the same ?
2. Can anyone point us to example commands of kafka-configs to alter the sasl.jaas.config property of kafka broker. We do not see any documentation or examples for the same.
was:
We are trying to use kafka-configs script to modify the sasl jaas configurations, but unable to do so.
Command used:
./kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=KafkaServer \{\n org.apache.kafka.common.security.plain.PlainLoginModule required \n username=\"test\" \n password=\"test\"; \n };'
error:
requirement failed: Invalid entity config: all configs to be added must be in the format "key=val".
command 2:
kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=[username=test,password=test]'
output:
command does not return , but kafka broker logs below error:
DEBUG", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.security.authenticator.SaslServerAuthenticator - Set SASL server state to FAILED during authentication"}}
{"type":"log", "host":"kf-kaudynamic-0", "level":"INFO", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.network.Selector - [SocketServer brokerId=1001] Failed authentication with /127.0.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.)"}}
We have below issues:
1. If one installs kafka broker with SASL mechanism and wants to change the SASL jaas config via kafka-configs scripts, how is it supposed to be done ?
does kafka-configs needs client credentials to do the same ?
2. Can anyone point us to example commands of kafka-configs to alter the sasl.jaas.config property of kafka broker. We do not see any documentation or examples for the same.
> kafka-configs.sh does not work while changing the sasl jaas configurations.
> ---------------------------------------------------------------------------
>
> Key: KAFKA-12530
> URL: https://issues.apache.org/jira/browse/KAFKA-12530
> Project: Kafka
> Issue Type: Bug
> Reporter: kaushik srinivas
> Priority: Major
>
> We are trying to use kafka-configs script to modify the sasl jaas configurations, but unable to do so.
> Command used:
> ./kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=KafkaServer \{\n org.apache.kafka.common.security.plain.PlainLoginModule required \n username=\"test\" \n password=\"test\"; \n };'
> error:
> requirement failed: Invalid entity config: all configs to be added must be in the format "key=val".
> command 2:
> kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers --entity-name 59 --alter --add-config 'sasl.jaas.config=[username=test,password=test]'
> output:
> command does not return , but kafka broker logs below error:
> DEBUG", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.security.authenticator.SaslServerAuthenticator - Set SASL server state to FAILED during authentication"}}
> {"type":"log", "host":"kf-kaudynamic-0", "level":"INFO", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", "time":"2021-03-23T08:29:00.946", "timezone":"UTC", "log":{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2 - org.apache.kafka.common.network.Selector - [SocketServer brokerId=1001] Failed authentication with /127.0.0.1 (Unexpected Kafka request of type METADATA during SASL handshake.)"}}
> We have below issues:
> 1. If one installs kafka broker with SASL mechanism and wants to change the SASL jaas config via kafka-configs scripts, how is it supposed to be done ? Is one supposed to provide kafka-configs script credentials to get authenticated with kafka broker ?
> does kafka-configs needs client credentials to do the same ?
> 2. Can anyone point us to example commands of kafka-configs to alter the sasl.jaas.config property of kafka broker. We do not see any documentation or examples for the same.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)