Hi
I am trying to setup a simple setup with one Kafka broker, and zookeeper on
the same VM. One producer and one consumer on each VM. I have setup a KDC
I am trying to following this guide:
http://docs.confluent.io/2.0.0/kafka/sasl.html#kerberos
When I start Kafka, it errors out with the following error. Do I need to
setup anything on zookeeper side as well to fix these errors ?
Thanks.
*[2017-02-16 19:05:00,583] WARN Could not login: the client is being asked
for a password, but the Zookeeper client code does not currently support
obtaining a password from the user. Make sure that the client is configured
to use a ticket cache (using the JAAS configuration setting
'useTicketCache=true)' and restart the client. If you still get this
message after that, the TGT in the ticket cache has expired and must be
manually refreshed. To do so, first determine if you are using a password
or a keytab. If the former, run kinit in a Unix shell in the environment of
the user who is running this Zookeeper client using the command 'kinit
<princ>' (where <princ> is the name of the client's Kerberos principal). If
the latter, do 'kinit -k -t <keytab> <princ>' (where <princ> is the name of
the Kerberos principal, and <keytab> is the location of the keytab file).
After manually refreshing your cache, restart this client. If you continue
to see this message after manually refreshing your cache, ensure that your
KDC host's clock is in sync with this host's clock.
(org.apache.zookeeper.client.ZooKeeperSaslClient)*
*[2017-02-16 19:05:00,584] WARN SASL configuration failed:
javax.security.auth.login.LoginException: No password provided Will
continue connection to Zookeeper server without SASL authentication, if
Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)*
*[2017-02-16 19:05:00,585] INFO Opening socket connection to server
kafka2.example.com/172.26.230.67:2181
<http://kafka2.example.com/172.26.230.67:2181>
(org.apache.zookeeper.ClientCnxn)*
*[2017-02-16 19:05:00,585] INFO zookeeper state changed (AuthFailed)
(org.I0Itec.zkclient.ZkClient)*
*[2017-02-16 19:05:00,586] INFO Terminate ZkClient event thread.
(org.I0Itec.zkclient.ZkEventThread)*
*[2017-02-16 19:05:00,591] INFO Socket connection established to
kafka2.example.com/172.26.230.67:2181
<http://kafka2.example.com/172.26.230.67:2181>, initiating session
(org.apache.zookeeper.ClientCnxn)*
*[2017-02-16 19:05:00,597] INFO Session establishment complete on server
kafka2.example.com/172.26.230.67:2181
<http://kafka2.example.com/172.26.230.67:2181>, sessionid 0x15a4a0678610002, negotiated timeout = 6000
(org.apache.zookeeper.ClientCnxn)*
*[2017-02-16 19:05:00,599] INFO Session: 0x15a4a0678610002 closed
(org.apache.zookeeper.ZooKeeper)*
*[2017-02-16 19:05:00,599] FATAL Fatal error during KafkaServer startup.
Prepare to shutdown (kafka.server.KafkaServer)*
*org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication
failure*
* at
org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946)*
* at
org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923)*
* at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230)*
* at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156)*
* at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130)*
* at
kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:76)*
* at kafka.utils.ZkUtils$.apply(ZkUtils.scala:58)*
* at kafka.server.KafkaServer.initZk(KafkaServer.scala:327)*
* at kafka.server.KafkaServer.startup(KafkaServer.scala:200)*
* at
kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:39)*
* at kafka.Kafka$.main(Kafka.scala:67)*
* at kafka.Kafka.main(Kafka.scala)*
Raghav
Raghav 's gravatar image asked Feb 17 2017 at 08:56 in Incubator-Kafka-Users by Raghav

1 Answers

Hi
It seems that your keytab doesn't have the principal you configured your
"client" section to use. Post your jaas here if you want further help but
basically you should be able to do
kinit -V -k -t <your.keytab> <[email protected]>
Hi
I am trying to setup a simple setup with one Kafka broker, and zookeeper on
the same VM. One producer and one consumer on each VM. I have setup a KDC
I am trying to following this guide:
http://docs.confluent.io/2.0.0/kafka/sasl.html#kerberos
When I start Kafka, it errors out with the following error. Do I need to
setup anything on zookeeper side as well to fix these errors ?
Thanks.
*[2017-02-16 19:05:00,583] WARN Could not login: the client is being asked
for a password, but the Zookeeper client code does not currently support
obtaining a password from the user. Make sure that the client is configured
to use a ticket cache (using the JAAS configuration setting
'useTicketCache=true)' and restart the client. If you still get this
message after that, the TGT in the ticket cache has expired and must be
manually refreshed. To do so, first determine if you are using a password
or a keytab. If the former, run kinit in a Unix shell in the environment of
the user who is running this Zookeeper client using the command 'kinit
<princ>' (where <princ> is the name of the client's Kerberos principal). If
the latter, do 'kinit -k -t <keytab> <princ>' (where <princ> is the name of
the Kerberos principal, and <keytab> is the location of the keytab file).
After manually refreshing your cache, restart this client. If you continue
to see this message after manually refreshing your cache, ensure that your
KDC host's clock is in sync with this host's clock.
(org.apache.zookeeper.client.ZooKeeperSaslClient)*
*[2017-02-16 19:05:00,584] WARN SASL configuration failed:
javax.security.auth.login.LoginException: No password provided Will
continue connection to Zookeeper server without SASL authentication, if
Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)*
*[2017-02-16 19:05:00,585] INFO Opening socket connection to server
kafka2.example.com/172.26.230.67:2181
<http://kafka2.example.com/172.26.230.67:2181>
(org.apache.zookeeper.ClientCnxn)*
*[2017-02-16 19:05:00,585] INFO zookeeper state changed (AuthFailed)
(org.I0Itec.zkclient.ZkClient)*
*[2017-02-16 19:05:00,586] INFO Terminate ZkClient event thread.
(org.I0Itec.zkclient.ZkEventThread)*
*[2017-02-16 19:05:00,591] INFO Socket connection established to
kafka2.example.com/172.26.230.67:2181
<http://kafka2.example.com/172.26.230.67:2181>, initiating session
(org.apache.zookeeper.ClientCnxn)*
*[2017-02-16 19:05:00,597] INFO Session establishment complete on server
kafka2.example.com/172.26.230.67:2181
<http://kafka2.example.com/172.26.230.67:2181>, sessionid 0x15a4a0678610002, negotiated timeout = 6000
(org.apache.zookeeper.ClientCnxn)*
*[2017-02-16 19:05:00,599] INFO Session: 0x15a4a0678610002 closed
(org.apache.zookeeper.ZooKeeper)*
*[2017-02-16 19:05:00,599] FATAL Fatal error during KafkaServer startup.
Prepare to shutdown (kafka.server.KafkaServer)*
*org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication
failure*
* at
org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946)*
* at
org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923)*
* at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230)*
* at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156)*
* at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130)*
* at
kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:76)*
* at kafka.utils.ZkUtils$.apply(ZkUtils.scala:58)*
* at kafka.server.KafkaServer.initZk(KafkaServer.scala:327)*
* at kafka.server.KafkaServer.startup(KafkaServer.scala:200)*
* at
kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:39)*
* at kafka.Kafka$.main(Kafka.scala:67)*
* at kafka.Kafka.main(Kafka.scala)*
Raghav
Stephane Maarek 's gravatar image answered Feb 17 2017 at 13:45 by Stephane Maarek