[jira] [Created] (KAFKA-2731) Kerberos on same host with Kafka does not find server in it's database on Ubuntu

Tue, 03 Nov 2015 07:11:36 -0800 

Mohammad Abbasi created KAFKA-2731:
--------------------------------------

             Summary: Kerberos on same host with Kafka does not find server in 
it's database on Ubuntu
                 Key: KAFKA-2731
                 URL: https://issues.apache.org/jira/browse/KAFKA-2731
             Project: Kafka
          Issue Type: Bug
    Affects Versions: 0.9.0.0
            Reporter: Mohammad Abbasi


Configuring Kafka to use keytab created in Kerberos, as it's said in 
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61326390,
Kerberos logs:
Nov 02 17:25:13 myhost krb5kdc[3307](info): TGS_REQ (5 etypes {17 16 23 1 3}) 
192.168.18.241: LOOKING_UP_SERVER: authtime 0,  kafka/[email protected] for <unknown 
server>, Server not found in Kerberos database
Kafka's log:
SASL Connection info:
[2015-11-03 18:33:00,544] DEBUG creating sasl client: 
client=kafka/[email protected];service=zookeeper;serviceHostname=myhost 
(org.apache.zookeeper.client.ZooKeeperSaslClient)
and error:
[2015-11-03 18:33:00,607] ERROR An error: 
(java.security.PrivilegedActionException: javax.security.sasl.SaslException: 
GSS initiate failed [Caused by GSSException: No valid credentials provided 
(Mechanism level: Server not found in Kerberos database (7) - 
LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's  
received SASL token. Zookeeper Client will go to AUTH_FAILED state. 
(org.apache.zookeeper.client.ZooKeeperSaslClient)
[2015-11-03 18:33:00,607] ERROR SASL authentication with Zookeeper Quorum 
member failed: javax.security.sasl.SaslException: An error: 
(java.security.PrivilegedActionException: javax.security.sasl.SaslException: 
GSS initiate failed [Caused by GSSException: No valid credentials provided 
(Mechanism level: Server not found in Kerberos database (7) - 
LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's  
received SASL token. Zookeeper Client will go to AUTH_FAILED state. 
(org.apache.zookeeper.ClientCnxn)

Kerberos works ok in kinit and kvno with the keytab.
Some people said it's DNS or /etc/hosts problem, but nslookup was ok with ip 
and hostname
and /etc/hosts is: 
127.0.0.1       myhost localhost

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

I tested it with the host's ip too.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to