Details
-
Test
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
0.11.0.1
-
None
-
None
-
raspberrypi
Description
I got very far with setting up kerberos on the raspberry pi as part of self study.
I believe that the kafka server is happy with kerberos:
[2017-11-10 12:17:51,659] INFO Successfully authenticated client: authenticationID=kafka/pi99.dev.ibm.com@DEV.IBM.COM; authorizationID=kafka/pi99.dev.ibm.com@DEV.IBM.COM. (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
[2017-11-10 12:17:51,661] INFO Setting authorizedID: kafka (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
I have setup the kafka.security.auth.SimpleAclAuthorizer
And granted the following access:
Current ACLs for resource `Topic:kerberos-topic`:
User:producer has Allow permission for operations: Describe from hosts: *
User:producer has Allow permission for operations: Write from hosts: *
User:producer@DEV.IBM.COM has Allow permission for operations: Describe from hosts: *
User:producer@DEV.IBM.COM has Allow permission for operations: Write from hosts: *
When I start the client, then I see it getting the kerberos ticket:
[main] INFO org.apache.kafka.common.security.authenticator.AbstractLogin - Successfully logged in.
[kafka-kerberos-refresh-thread-producer@DEV.IBM.COM] INFO org.apache.kafka.common.security.kerberos.KerberosLogin - [Principal=producer@DEV.IBM.COM]: TGT refresh thread started.
[kafka-kerberos-refresh-thread-producer@DEV.IBM.COM] INFO org.apache.kafka.common.security.kerberos.KerberosLogin - [Principal=producer@DEV.IBM.COM]: TGT valid starting at: Fri Nov 10 12:50:11 CET 2017
[kafka-kerberos-refresh-thread-producer@DEV.IBM.COM] INFO org.apache.kafka.common.security.kerberos.KerberosLogin - [Principal=producer@DEV.IBM.COM]: TGT expires: Fri Nov 10 22:50:11 CET 2017
[kafka-kerberos-refresh-thread-producer@DEV.IBM.COM] INFO org.apache.kafka.common.security.kerberos.KerberosLogin - [Principal=producer@DEV.IBM.COM]: TGT refresh sleeping until: Fri Nov 10 21:13:37 CET 2017
But the client fails to login:
[kafka-producer-network-thread | producer-1] WARN org.apache.kafka.clients.NetworkClient - Connection to node -1 terminated during authentication. This may indicate that authentication failed due to invalid credentials.
I do not see any warnings in the logs, so I do not have much to go on.
What can I do to get my finger behind this issue?
Thank you,
Ronald - the NOOB