Major Description
kafka server&client version: 3.4.1
server.properties
#controller communicate config sasl.mechanism.controller.protocol=PLAIN #broker communicate config #security.inter.broker.protocol=SASL_PLAINTEXT inter.broker.listener.name=INTERNAL_SSL sasl.mechanism.inter.broker.protocol=PLAIN #sasl authentication config sasl.kerberos.service.name=kafka sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256,SCRAM-SHA-512,GSSAPI,OAUTHBEARER
kafkaClient test code
AdminClient adminClient = AdminClient.create(props); try { UserScramCredentialUpsertion credentialUpsertion = new UserScramCredentialUpsertion("test", new ScramCredentialInfo(ScramMechanism.SCRAM_SHA_256, 4096),"test"); adminClient.alterUserScramCredentials(Collections.singletonList(credentialUpsertion)).all().get(); Set<String> users = adminClient.describeUserScramCredentials(Collections.singletonList("test")).all().get().keySet(); System.out.println(users); Collection<Node> nodes = adminClient.describeCluster().nodes().get(); System.out.println(nodes); } catch (Exception e) { System.out.println(e.toString()); LOG.error("failed", e); } finally { adminClient.close(); }
error log
[main] INFO org.apache.kafka.common.security.authenticator.AbstractLogin - Successfully logged in. [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka version: 3.4.1 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka commitId: 8a516edc2755df89 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1695024285450 Disconnected from the target VM, address: '127.0.0.1:52962', transport: 'socket' java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.UnsupportedVersionException: The broker does not support ALTER_USER_SCRAM_CREDENTIALS [main] ERROR us.zoom.mq.examples.AdminClientTest - failed java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.UnsupportedVersionException: The broker does not support ALTER_USER_SCRAM_CREDENTIALS at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073) at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165) at us.zoom.mq.examples.AdminClientTest.main(AdminClientTest.java:50) Caused by: org.apache.kafka.common.errors.UnsupportedVersionException: The broker does not support ALTER_USER_SCRAM_CREDENTIALS [kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.utils.AppInfoParser - App info kafka.admin.client for adminclient-1 unregistered [kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.metrics.Metrics - Metrics scheduler closed [kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.metrics.Metrics - Closing reporter org.apache.kafka.common.metrics.JmxReporter [kafka-admin-client-thread | adminclient-1] INFO org.apache.kafka.common.metrics.Metrics - Metrics reporters closed
When executing the adminClient.describeUserScramCredentials method, an error will also be reported: java.util.concurrent.ExecutionException:
org.apache.kafka.common.errors.UnsupportedVersionException: The broker does not support DESCRIBE_USER_SCRAM_CREDENTIALS
In Kafka's official website, https://kafka.apache.org/documentation/#kraft_missing
I didn't see that Kraft does not support sasl/scram.
But when I read the sasl/scram chapter, I found that zookeeper is still used to introduce the scram authentication mechanism.
https://kafka.apache.org/documentation/#security_sasl_scram