[jira] [Resolved] (KAFKA-3688) Unable to start broker with sasl.mechanism.inter.broker.protocol=PLAIN

["Edoardo Comar (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/KAFKA-3688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Edoardo Comar resolved KAFKA-3688.
----------------------------------
    Resolution: Invalid

> Unable to start broker with sasl.mechanism.inter.broker.protocol=PLAIN
> ----------------------------------------------------------------------
>
>                 Key: KAFKA-3688
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3688
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.10.0.0
>            Reporter: Edoardo Comar
>
> Starting a single broker with the following configuration :
>  
> server.properties:
> listeners=SASL_PLAINTEXT://:9093
> sasl.enabled.mechanisms=PLAIN
> security.inter.broker.protocol=SASL_PLAINTEXT
> sasl.mechanism.inter.broker.protocol=PLAIN
> jaas.conf:
> KafkaServer {
>   org.apache.kafka.common.security.plain.PlainLoginModule required
>   serviceName="kafka"
>   user_edo1="edo1pwd"
>   user_edo2="edo2pwd"
>   user_superkuser="wotever";
> };
> KafkaClient {
>   org.apache.kafka.common.security.plain.PlainLoginModule required
>   serviceName="kafka"
>     username="superkuser"
>     password="wotever";
> };
> results in a broker startup failure “Failed to create SaslClient with mechanism PLAIN” (see stack trace below).
> Note that this configuration was attempted to try working around the issue
> https://issues.apache.org/jira/browse/KAFKA-3687 
> (unable to use ACLs with security.inter.broker.protocol=PLAIN).
> [2016-05-10 16:54:10,730] INFO Failed to create channel due to  (org.apache.kafka.common.network.SaslChannelBuilder)
> org.apache.kafka.common.KafkaException: Failed to configure SaslClientAuthenticator
> 	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:124)
> 	at org.apache.kafka.common.network.SaslChannelBuilder.buildChannel(SaslChannelBuilder.java:102)
> 	at org.apache.kafka.common.network.Selector.connect(Selector.java:177)
> 	at org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:498)
> 	at org.apache.kafka.clients.NetworkClient.ready(NetworkClient.java:159)
> 	at kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:59)
> 	at kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:232)
> 	at kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:181)
> 	at kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:180)
> 	at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)
> Caused by: org.apache.kafka.common.KafkaException: Failed to create SaslClient with mechanism PLAIN
> 	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:139)
> 	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.configure(SaslClientAuthenticator.java:122)
> 	... 9 more
> Caused by: javax.security.sasl.SaslException: Cannot get userid/password [Caused by javax.security.auth.callback.UnsupportedCallbackException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.]
> 	at com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:157)
> 	at com.sun.security.sasl.ClientFactoryImpl.createSaslClient(ClientFactoryImpl.java:94)
> 	at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372)
> 	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:135)
> 	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator$1.run(SaslClientAuthenticator.java:1)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:415)
> 	at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.createSaslClient(SaslClientAuthenticator.java:130)
> 	... 10 more
> Caused by: javax.security.auth.callback.UnsupportedCallbackException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.
> 	at org.apache.kafka.common.security.authenticator.SaslClientCallbackHandler.handle(SaslClientCallbackHandler.java:73)
> 	at com.sun.security.sasl.ClientFactoryImpl.getUserInfo(ClientFactoryImpl.java:136)
> 	... 17 more
> discovered in collaboration with [~mimaison]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)