You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by "Rumney, Owen (HARVEY NASH)" <Ow...@bp.com> on 2017/03/02 10:08:38 UTC

SASL/PLAIN text

Hi

I've got a 3 broker kerberised Kafka 0.10 install running in Cloudera and I'm trying to authenticate with SASL/PLAIN

I'm passing kafka_server_jaas.conf into the JVM on each of the brokers.


KafkaServer {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username=admin
  password=password1
  user_admin=password1
  user_remote=password1;
};

My server.properties (or kafka.properties as Cloudera renames it) is set as below;


listeners=SASL_SSL://10.10.3.47:9093 # ip set for each broker
advertised.listeners=SASL_SSL://10.10.3.47:9093 # ip set for each broker
sasl.enabled.mechanisms=GSSAPI,PLAIN
security.inter.broker.protocol=SASL_SSL
sasl.mechanism.inter.broker.protocol=GSSAPI

When Kafka starts up, the inter-broker communication is all fine, but when I try to connect using the console producer I get a Timeout failed to update metadata


bin/kafka-consolproducer --broker-list 10.10.3.161:9093 --topic test1 --producer.config client.properties.plain

client.properties.plain is set to


security.protocol=SASL_SSL
sasl.mechanism=PLAIN

finally, the client side jaas.conf


KafkaClient {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="remote"
        password="password1";
};

As far as I can tell I've followed all instructions correctly, can anyone see anything wrong?

Thanks,
Owen