[jira] [Commented] (KAFKA-15472) Kraft broker does not seem to support sasl/scram authentication

Mon, 18 Sep 2023 01:40:39 -0700 


    [ 
https://issues.apache.org/jira/browse/KAFKA-15472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17766277#comment-17766277
 ] 

RivenSun commented on KAFKA-15472:
----------------------------------

close this ticket...
I found KAFKA-14084 at 
https://archive.apache.org/dist/kafka/3.5.0/RELEASE_NOTES.html.
I think we should declare this in a more obvious place, such as here 
[https://kafka.apache.org/documentation/#upgrade_350_notable]
[~pprovenzano]  [~cmccabe] 
Thanks

> Kraft broker does not seem to support sasl/scram authentication
> ---------------------------------------------------------------
>
>                 Key: KAFKA-15472
>                 URL: https://issues.apache.org/jira/browse/KAFKA-15472
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.4.1
>            Reporter: RivenSun
>            Priority: Major
>
> kafka server&client version: 3.4.1
> server.properties
>  
> {code:java}
> #controller communicate config
> sasl.mechanism.controller.protocol=PLAIN 
> #broker communicate config
> #security.inter.broker.protocol=SASL_PLAINTEXT
> inter.broker.listener.name=INTERNAL_SSL
> sasl.mechanism.inter.broker.protocol=PLAIN
> #sasl authentication config
> sasl.kerberos.service.name=kafka
> sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256,SCRAM-SHA-512,GSSAPI,OAUTHBEARER 
> {code}
>  
> kafkaClient test code
>  
> {code:java}
> AdminClient adminClient = AdminClient.create(props);
> try {
>     UserScramCredentialUpsertion credentialUpsertion = new 
> UserScramCredentialUpsertion("test",
>             new ScramCredentialInfo(ScramMechanism.SCRAM_SHA_256, 
> 4096),"test");
>     
> adminClient.alterUserScramCredentials(Collections.singletonList(credentialUpsertion)).all().get();
>     Set<String> users = 
> adminClient.describeUserScramCredentials(Collections.singletonList("test")).all().get().keySet();
>     System.out.println(users);
>     Collection<Node> nodes = adminClient.describeCluster().nodes().get();
>     System.out.println(nodes);
> } catch (Exception e) {
>     System.out.println(e.toString());
>     LOG.error("failed", e);
> } finally {
>     adminClient.close();
> } {code}
>  
>  
> error log
>  
> {code:java}
> [main] INFO org.apache.kafka.common.security.authenticator.AbstractLogin - 
> Successfully logged in.
> [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka version: 3.4.1
> [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka commitId: 
> 8a516edc2755df89
> [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 
> 1695024285450
> Disconnected from the target VM, address: '127.0.0.1:52962', transport: 
> 'socket'
> java.util.concurrent.ExecutionException: 
> org.apache.kafka.common.errors.UnsupportedVersionException: The broker does 
> not support ALTER_USER_SCRAM_CREDENTIALS
> [main] ERROR us.zoom.mq.examples.AdminClientTest - failed
> java.util.concurrent.ExecutionException: 
> org.apache.kafka.common.errors.UnsupportedVersionException: The broker does 
> not support ALTER_USER_SCRAM_CREDENTIALS
>     at 
> java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
>     at 
> java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073)
>     at 
> org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
>     at us.zoom.mq.examples.AdminClientTest.main(AdminClientTest.java:50)
> Caused by: org.apache.kafka.common.errors.UnsupportedVersionException: The 
> broker does not support ALTER_USER_SCRAM_CREDENTIALS
> [kafka-admin-client-thread | adminclient-1] INFO 
> org.apache.kafka.common.utils.AppInfoParser - App info kafka.admin.client for 
> adminclient-1 unregistered
> [kafka-admin-client-thread | adminclient-1] INFO 
> org.apache.kafka.common.metrics.Metrics - Metrics scheduler closed
> [kafka-admin-client-thread | adminclient-1] INFO 
> org.apache.kafka.common.metrics.Metrics - Closing reporter 
> org.apache.kafka.common.metrics.JmxReporter
> [kafka-admin-client-thread | adminclient-1] INFO 
> org.apache.kafka.common.metrics.Metrics - Metrics reporters closed {code}
> When executing the adminClient.describeUserScramCredentials method, an error 
> will also be reported: java.util.concurrent.ExecutionException: 
> {code:java}
> org.apache.kafka.common.errors.UnsupportedVersionException: The broker does 
> not support DESCRIBE_USER_SCRAM_CREDENTIALS{code}
>  
> In Kafka's official website, 
> https://kafka.apache.org/documentation/#kraft_missing 
> I didn't see that Kraft does not support sasl/scram.
> But when I read the sasl/scram chapter, I found that zookeeper is still used 
> to introduce the scram authentication mechanism.
> https://kafka.apache.org/documentation/#security_sasl_scram
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to