Posted to dev@ranger.apache.org by "rujia (Jira)" <ji...@apache.org> on 2020/06/29 03:37:00 UTC

[jira] [Comment Edited] (RANGER-2810) Kafka with Ranger plugin will fail

    [ https://issues.apache.org/jira/browse/RANGER-2810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17147519#comment-17147519 ] 

rujia edited comment on RANGER-2810 at 6/29/20, 3:36 AM:
---------------------------------------------------------

This problem is caused by Kafka running without core-site.xml, and then the kafka-plugin adds the OS user to the principal list of the subject. When the server principal expires, the server principal is removed from the principal list and re-appended (relogin), so the OS user becomes the first one, and this then causes a GSSAPI error when connecting.


was (Author: rujia1019):
This problem is caused by Kafka running without core-site.xml, and then the kafka-plugin adds the OS user to the principal list of the subject. When the server principal expires, the OS user is removed and appended to the principal list, the OS user becomes the first one, and this then causes a GSSAPI error when connecting.

> Kafka with Ranger plugin will fail
> ----------------------------------
>
>                 Key: RANGER-2810
>                 URL: https://issues.apache.org/jira/browse/RANGER-2810
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: master, 2.0.0, 2.1.0
>         Environment: CentOS Linux release 7.6.1810 (Core)
> Ranger 2.0.0
>            Reporter: bright.zhou
>            Assignee: Pradeep Agrawal
>            Priority: Blocker
>         Attachments: image-2020-06-15-14-46-53-528.png
>
>
> We use the Ranger plugin to administer ACLs of a Kafka cluster. At first, everything is OK, but 10h+ after Kafka starts, something goes wrong: we can see an error log in kafka-root.log. The error log is `Authentication failed during authentication due to xxx with SASL mechanism GSSAPI: GSS context targ name protocol error: xxxxx `. To solve this we had to restart Kafka. It's so strange that if I change `authorizer.class.name` to `kafka.security.auth.SimpleAclAuthorizer` it will be OK. In theory, Ranger is related to ACLs and not related to SASL authentication, so I want to ask for help.



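The ordering effect described in the edited comment above, as an added example that is not part of the original message and is not Ranger or Kafka code: a JAAS Subject whose server principal is removed and re-appended ends up with the OS user first, so any lookup that takes the first principal changes its answer after relogin. The principal names, the NamedPrincipal class and both lookup helpers are hypothetical, and the example assumes OpenJDK's behaviour of iterating a Subject's principals in insertion order.

```java
import java.security.Principal;
import java.util.Iterator;
import javax.security.auth.Subject;

public class PrincipalOrderDemo {
    // Hypothetical minimal Principal; real subjects hold KerberosPrincipal etc.
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof NamedPrincipal && ((NamedPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Position-dependent lookup: whatever principal happens to be first.
    static String firstPrincipal(Subject s) {
        Iterator<Principal> it = s.getPrincipals().iterator();
        return it.hasNext() ? it.next().getName() : null;
    }

    // Position-independent lookup: first name shaped like service/host@REALM.
    static String servicePrincipal(Subject s) {
        for (Principal p : s.getPrincipals()) {
            if (p.getName().matches("[^/@]+/[^/@]+@[^/@]+")) return p.getName();
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample names, not taken from the issue.
        Principal server = new NamedPrincipal("kafka/broker1.example.com@EXAMPLE.COM");
        Principal osUser = new NamedPrincipal("root");

        Subject subject = new Subject();
        subject.getPrincipals().add(server);  // initial Kerberos login
        subject.getPrincipals().add(osUser);  // OS user added afterwards
        System.out.println("before relogin: first=" + firstPrincipal(subject));

        // Relogin as described: server principal removed, then re-appended.
        subject.getPrincipals().remove(server);
        subject.getPrincipals().add(server);
        System.out.println("after relogin:  first=" + firstPrincipal(subject));
        System.out.println("by name shape:  " + servicePrincipal(subject));
    }
}
```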