Ronald van de Kuil created KAFKA-6198: -----------------------------------------
Summary: kerberos login fails Key: KAFKA-6198 URL: https://issues.apache.org/jira/browse/KAFKA-6198 Project: Kafka Issue Type: Test Components: clients Affects Versions: 0.11.0.1 Environment: raspberrypi Reporter: Ronald van de Kuil Priority: Minor I got very far with setting up kerberos on the raspberry pi as part of self study. I believe that the kafka server is happy with kerberos: [2017-11-10 12:17:51,659] INFO Successfully authenticated client: authenticationID=kafka/pi99.dev.ibm....@dev.ibm.com; authorizationID=kafka/pi99.dev.ibm....@dev.ibm.com. (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler) [2017-11-10 12:17:51,661] INFO Setting authorizedID: kafka (org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler) I have setup the kafka.security.auth.SimpleAclAuthorizer And granted the following access: Current ACLs for resource `Topic:kerberos-topic`: User:producer has Allow permission for operations: Describe from hosts: * User:producer has Allow permission for operations: Write from hosts: * User:produ...@dev.ibm.com has Allow permission for operations: Describe from hosts: * User:produ...@dev.ibm.com has Allow permission for operations: Write from hosts: * When I start the client, then I see it getting the kerberos ticket: [main] INFO org.apache.kafka.common.security.authenticator.AbstractLogin - Successfully logged in. [kafka-kerberos-refresh-thread-produ...@dev.ibm.com] INFO org.apache.kafka.common.security.kerberos.KerberosLogin - [Principal=produ...@dev.ibm.com]: TGT refresh thread started. [kafka-kerberos-refresh-thread-produ...@dev.ibm.com] INFO org.apache.kafka.common.security.kerberos.KerberosLogin - [Principal=produ...@dev.ibm.com]: TGT valid starting at: Fri Nov 10 12:50:11 CET 2017 [kafka-kerberos-refresh-thread-produ...@dev.ibm.com] INFO org.apache.kafka.common.security.kerberos.KerberosLogin - [Principal=produ...@dev.ibm.com]: TGT expires: Fri Nov 10 22:50:11 CET 2017 [kafka-kerberos-refresh-thread-produ...@dev.ibm.com] INFO org.apache.kafka.common.security.kerberos.KerberosLogin - [Principal=produ...@dev.ibm.com]: TGT refresh sleeping until: Fri Nov 10 21:13:37 CET 2017 But the client fails to login: [kafka-producer-network-thread | producer-1] WARN org.apache.kafka.clients.NetworkClient - Connection to node -1 terminated during authentication. This may indicate that authentication failed due to invalid credentials. I do not see any warnings in the logs, so I do not have much to go on. What can I do to get my finger behind this issue? Thank you, Ronald - the NOOB -- This message was sent by Atlassian JIRA (v6.4.14#64029)