You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Edoardo Comar (JIRA)" <ji...@apache.org> on 2016/05/10 18:25:12 UTC
[jira] [Resolved] (KAFKA-3688) Unable to start broker with
sasl.mechanism.inter.broker.protocol=PLAIN
[ https://issues.apache.org/jira/browse/KAFKA-3688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Edoardo Comar resolved KAFKA-3688.
----------------------------------
Resolution: Invalid
> Unable to start broker with sasl.mechanism.inter.broker.protocol=PLAIN
> ----------------------------------------------------------------------
>
> Key: KAFKA-3688
> URL: https://issues.apache.org/jira/browse/KAFKA-3688
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.10.0.0
> Reporter: Edoardo Comar
>
> Starting a single broker with the following configuration :
>
> server.properties:
> listeners=SASL_PLAINTEXT://:9093
> sasl.enabled.mechanisms=PLAIN
> security.inter.broker.protocol=SASL_PLAINTEXT
> sasl.mechanism.inter.broker.protocol=PLAIN
> jaas.conf:
> KafkaServer {
> org.apache.kafka.common.security.plain.PlainLoginModule required
> serviceName="kafka"
> user_edo1="edo1pwd"
> user_edo2="edo2pwd"
> user_superkuser="wotever";
> };
> KafkaClient {
> org.apache.kafka.common.security.plain.PlainLoginModule required
> serviceName="kafka"
> username="superkuser"
> password="wotever";
> };
> results in a broker startup failure “Failed to create SaslClient with mechanism PLAIN” (see stack trace below).
> Note that this configuration was attempted to try working around the issue
> https://issues.apache.org/jira/browse/KAFKA-3687
> (unable to use ACLs with security.inter.broker.protocol=PLAIN).
> [2016-05-10 16:54:10,730] INFO Failed to create channel due to (org.apache.kafka.common.network.SaslChannelBuilder)
> org.apache.kafka.common.KafkaException: Failed to configure SaslClientAuthenticator
> at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:124)
> at org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:102)
> at org.apache.kafka.common.network.Selector.connect(Selector.java:177)
> at org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:498)
> at org.apache.kafka.clients.NetworkClient.ready(NetworkClient.java:159)
> at kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:59)
> at kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:232)
> at kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:181)
> at kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:180)
> at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
> Caused by: org.apache.kafka.common.KafkaException: Failed to create SaslClient with mechanism PLAIN
> at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:139)
> at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:122)
> ... 9 more
> Caused by: javax.security.sasl.SaslException: Cannot get userid/password [Caused by javax.security.auth.callback.UnsupportedCallbackException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.]
> at com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157)
> at com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94)
> at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372)
> at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:135)
> at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:1)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:415)
> at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:130)
> ... 10 more
> Caused by: javax.security.auth.callback.UnsupportedCallbackException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.
> at org.apache.kafka.common.security.authenticator.SaslClientCallbackHandler.handle(SaslClientCallbackHandler.java:73)
> at com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:136)
> ... 17 more
> discovered in collaboration with [~mimaison]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)