Alok, thanks for confirming. I looked into the code. We are catching the below error and ignoring it.
Yuhuan, does Kafka work even after getting this error? Technically it should, unless something fails later. Just note, if there is not Kerberos, then only IP based policies makes sense. Thanks Bosco On 4/12/16, 5:04 PM, "[email protected]" <[email protected]> wrote: >@Bosco my testing was around verifying ability to authorize access to Secure >Kafka simultaneously over a secure and insecure channel. > >To give context to others on this list: Rationale for the above testing was to >avoid regression for users who are already using a secure cluster with >insecure Kafka. Note that existing applications don’t have any security so >aim of testing was to ensure that those legacy applications would continue to >work via insecure channel support. Over time such users would transition >applications over to secure channel to leveraged from fine grained >authorization. Those findings are captured here ><https://cwiki.apache.org/confluence/display/RANGER/Kafka+Plugin>. > >Thanks > > > > >On 4/12/16, 3:21 PM, "Don Bosco Durai" <[email protected]> wrote: > >>+Harsha >> >>This is an interesting issue. In the final release version, if I am not >>wrong, Kafka started supporting both secure and non-secure in the same >>deployment, but by using different ports. >> >>I have copied Harsha from the Kafka community. He should be able to answer >>what was finally included in Kafka 0.9. >> >>I didn’t the test Ranger+Kafka without Kerberos, but technically, we should >>be able to support non-secure deployment with IP based policies. >> >>Alok, I remember you trying IP based policies. Were there in a non-kerberos >>mode? >> >>Thanks >> >>Bosco >> >> >>From: Gautam Borad <[email protected]> >>Reply-To: <[email protected]> >>Date: Monday, April 11, 2016 at 2:36 AM >>To: "[email protected]" <[email protected]>, >>"[email protected]" <[email protected]> >>Subject: Re: Does apache kafka authorizer must Dependent on kerberos ? >> >>+ dev list >> >>Hi Yuhuan, Yes, you are right, the KAFKA plugins works only in >>secure(kerberos) mode. >> >>On Mon, Apr 11, 2016 at 1:54 PM, [email protected] <[email protected]> >>wrote: >>Hi gborad: >> >>Long time no communication, I hope you have time to help me answer this >>question, thank you. >> >>Does apache kafka authorizer must Dependent on kerberos ? >> >> >>Also have a error as follow >> >>[2016-04-11 15:51:39,775] ERROR Error getting principal. >>(org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer) >>java.lang.NullPointerException >>at org.apache.kafka.common.security.kerberos.Login.<init>(Login.java:98) >>at >>org.apache.kafka.common.security.kerberos.LoginManager.<init>(LoginManager.java:44) >>at >>org.apache.kafka.common.security.kerberos.LoginManager.acquireLoginManager(LoginManager.java:85) >>at >>org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.configure(RangerKafkaAuthorizer.java:85) >>at >>org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.configure(RangerKafkaAuthorizer.java:96) >>at kafka.server.KafkaServer$$anonfun$startup$3.apply(KafkaServer.scala:197) >>at kafka.server.KafkaServer$$anonfun$startup$3.apply(KafkaServer.scala:195) >>at scala.Option.map(Option.scala:146) >>at kafka.server.KafkaServer.startup(KafkaServer.scala:195) >>at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:37) >>at kafka.Kafka$.main(Kafka.scala:67) >>at kafka.Kafka.main(Kafka.scala) >> >>Regards >>yuhuan.li >> >>[email protected] >> >> >> >>-- >>Regards, >>Gautam. >>
