Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/507
I also remember (after fighting with this for a while this morning) that if
you don't have a JAAS config file defined then it won't work. Should this be
part of the docs in this PR??
Without it, you just get this error.
```
[root@y136 ~]# kafka-console-consumer.sh --zookeeper y113:2181 --topic bro
--security-protocol SASL_PLAINTEXT
[2017-04-28 16:47:20,596] WARN Could not login: the client is being asked
for a password, but the Zookeeper client code does not currently support
obtaining a password from the user. Make sure that the client is configured to
use a ticket cache (using the JAAS configuration setting 'useTicketCache=true)'
and restart the client. If you still get this message after that, the TGT in
the ticket cache has expired and must be manually refreshed. To do so, first
determine if you are using a password or a keytab. If the former, run kinit in
a Unix shell in the environment of the user who is running this Zookeeper
client using the command 'kinit <princ>' (where <princ> is the name of the
client's Kerberos principal). If the latter, do 'kinit -k -t <keytab> <princ>'
(where <princ> is the name of the Kerberos principal, and <keytab> is the
location of the keytab file). After manually refreshing your cache, restart
this client. If you continue to see this message after manually refreshing yo
ur cache, ensure that your KDC host's clock is in sync with this host's clock.
(org.apache.zookeeper.client.ZooKeeperSaslClient)
[2017-04-28 16:47:20,599] WARN SASL configuration failed:
javax.security.auth.login.LoginException: No password provided Will continue
connection to Zookeeper server without SASL authentication, if Zookeeper server
allows it. (org.apache.zookeeper.ClientCnxn)
No brokers found in ZK.
```
After doing the following, then it works for me.
1. Define `~/.java.login.config`
```
[root@y137 ~]# cat ~/.java.login.config
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false
useKeyTab=true
principal="yaf/[email protected]"
keyTab="/etc/security/keytabs/yaf.service.keytab"
renewTicket=true
debug=true
serviceName="kafka"
storeKey=true;
};
```
2. Tell the JVM where to find your JAAS file.
```
[root@y137 ~]# cat
/usr/lib/jvm/java-1.8.0-openjdk/jre/lib/security/java.security | grep login
# Class to instantiate as the javax.security.auth.login.Configuration
login.configuration.provider=sun.security.provider.ConfigFile
# Default login configuration file
#login.config.url.1=file:${user.home}/.java.login.config
login.config.url.1=file:${user.home}/.java.login.config
```
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
