You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by "Rumney, Owen (HARVEY NASH)" <Ow...@bp.com> on 2017/03/02 10:08:38 UTC
SASL/PLAIN text
Hi
I've got a 3 broker kerberised Kafka 0.10 install running in Cloudera and I'm trying to authenticate with SASL/PLAIN
I'm passing kafka_server_jaas.conf into the JVM on each of the brokers.
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username=admin
password=password1
user_admin=password1
user_remote=password1;
};
My server.properties (or kafka.properties as Cloudera renames it) is set as below;
listeners=SASL_SSL://10.10.3.47:9093 # ip set for each broker
advertised.listeners=SASL_SSL://10.10.3.47:9093 # ip set for each broker
sasl.enabled.mechanisms=GSSAPI,PLAIN
security.inter.broker.protocol=SASL_SSL
sasl.mechanism.inter.broker.protocol=GSSAPI
When Kafka starts up, the inter-broker communication is all fine, but when I try to connect using the console producer I get a Timeout failed to update metadata
bin/kafka-consolproducer --broker-list 10.10.3.161:9093 --topic test1 --producer.config client.properties.plain
client.properties.plain is set to
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
finally, the client side jaas.conf
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="remote"
password="password1";
};
As far as I can tell I've followed all instructions correctly, can anyone see anything wrong?
Thanks,
Owen