[jira] [Created] (RANGER-3781) Unable to connect to Kafka instance.org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism GSSAPI

Sergey Shevchenko (Jira) Sun, 05 Jun 2022 00:21:04 -0700

Sergey Shevchenko created RANGER-3781:
-----------------------------------------


             Summary: Unable to connect to Kafka 
instance.org.apache.kafka.common.errors.SaslAuthenticationException: 
Authentication failed during authentication due to invalid credentials with 
SASL mechanism GSSAPI
                 Key: RANGER-3781
                 URL: https://issues.apache.org/jira/browse/RANGER-3781
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
    Affects Versions: 3.0.0
         Environment: Centos-7 & Ubuntu-20.04
ConfluentKafka-7.1.0
Ranger-3.0.0-Snapshot (22 may 2022)
            Reporter: Sergey Shevchenko


Unable to connect to Kafka 
instance.org.apache.kafka.common.errors.SaslAuthenticationException: 
Authentication failed during authentication due to invalid credentials with 
SASL mechanism GSSAPI

We cannot retrieve topics list in RangerAdmin from our SSL+kerberized Kafka 
instance with customized Kafka-service name. "TestConnection" from the 
RangerAdmin UI fails for our instance:
[2022-06-05 10:17:54,761] INFO [SocketServer listenerType=ZK_BROKER, nodeId=1] 
Failed authentication with /10.120.74.248 (Authentication failed during 
authentication due to invalid credentials with SASL mechanism GSSAPI) 
(org.apache.kafka.common.network.Selector)


At the same time standard kafka-console consumer working good:
kafkaServer.out (fragment):
[2022-06-05 09:56:15,543] INFO Successfully authenticated client: 
[email protected]; 
[email protected]. 
(org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler)
[2022-06-05 09:56:18,744] INFO 
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05 
09:56:15.582","access":"consume","resource":"test","resType":"topic","action":"consume","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-11","seq_num":23,"event_count":2,"event_dur_ms":75,"tags":[],"cluster_name":"","policy_version":4}
 (xaaudit)
[2022-06-05 09:56:18,744] INFO 
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05 
09:56:15.289","access":"describe","resource":"test","resType":"topic","action":"describe","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-3","seq_num":7,"event_count":3,"event_dur_ms":261,"tags":[],"cluster_name":"","policy_version":4}
 (xaaudit)
[2022-06-05 09:56:18,745] INFO 
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05 
09:56:15.309","access":"describe","resource":"console-consumer-12414","resType":"consumergroup","action":"describe","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-4","seq_num":9,"event_count":2,"event_dur_ms":180,"tags":[],"cluster_name":"","policy_version":1}
 (xaaudit)
[2022-06-05 09:56:18,745] INFO 
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05 
09:56:15.355","access":"consume","resource":"console-consumer-12414","resType":"consumergroup","action":"consume","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-5","seq_num":11,"event_count":3,"event_dur_ms":47,"tags":[],"cluster_name":"","policy_version":1}
 (xaaudit)
[2022-06-05 09:56:21,744] INFO 
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05 
09:56:16.169","access":"consume","resource":"test","resType":"topic","action":"consume","result":1,"agent":"kafka","policy":7,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"test","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-13","seq_num":27,"event_count":10,"event_dur_ms":4546,"tags":[],"cluster_name":"","policy_version":4}
 (xaaudit)
[2022-06-05 09:56:21,744] INFO 
\{"repoType":9,"repo":"kafkats","reqUser":"dl-etl","evtTime":"2022-06-05 
09:56:18.483","access":"consume","resource":"console-consumer-12414","resType":"consumergroup","action":"consume","result":1,"agent":"kafka","policy":6,"enforcer":"ranger-acl","cliIP":"10.120.74.22","reqData":"console-consumer-12414","agentHost":"stal-dtl-109","logType":"RangerAudit","id":"cda2610d-6643-48c3-a4f8-df326c1dee9d-18","seq_num":37,"event_count":1,"event_dur_ms":1,"tags":[],"cluster_name":"","policy_version":1}
 (xaaudit)





 



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

[jira] [Created] (RANGER-3781) Unable to connect to Kafka instance.org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism GSSAPI

Reply via email to