[jira] [Created] (KAFKA-12529) kafka-configs.sh does not work while changing the sasl jaas configurations.

Tue, 23 Mar 2021 01:36:06 -0700 

kaushik srinivas created KAFKA-12529:
----------------------------------------

             Summary: kafka-configs.sh does not work while changing the sasl 
jaas configurations.
                 Key: KAFKA-12529
                 URL: https://issues.apache.org/jira/browse/KAFKA-12529
             Project: Kafka
          Issue Type: Bug
            Reporter: kaushik srinivas


We are trying to use kafka-configs script to modify the sasl jaas 
configurations, but unable to do so.

Command used:

./kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers 
--entity-name 59 --alter --add-config 'sasl.jaas.config=KafkaServer \{\n 
org.apache.kafka.common.security.plain.PlainLoginModule required \n 
username=\"test\" \n password=\"test\"; \n };'

error:

requirement failed: Invalid entity config: all configs to be added must be in 
the format "key=val".

command 2:

kafka-configs.sh --bootstrap-server localhost:9092 --entity-type brokers 
--entity-name 59 --alter --add-config 
'sasl.jaas.config=[username=test,password=test]'

output:

command does not return , but kafka broker logs below error:

DEBUG", "neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", 
"time":"2021-03-23T08:29:00.946", "timezone":"UTC", 
"log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2
 - org.apache.kafka.common.security.authenticator.SaslServerAuthenticator - Set 
SASL server state to FAILED during authentication"}}
{"type":"log", "host":"kf-kaudynamic-0", "level":"INFO", 
"neid":"kafka-cfd5ccf2af7f47868e83471a5b603408", "system":"kafka", 
"time":"2021-03-23T08:29:00.946", "timezone":"UTC", 
"log":\{"message":"data-plane-kafka-network-thread-1001-ListenerName(SASL_PLAINTEXT)-SASL_PLAINTEXT-2
 - org.apache.kafka.common.network.Selector - [SocketServer brokerId=1001] 
Failed authentication with /127.0.0.1 (Unexpected Kafka request of type 
METADATA during SASL handshake.)"}}

We have below issues:
1. If one installs kafka broker with SASL mechanism and wants to change the 
SASL jaas config via kafka-configs scripts, how is it supposed to be done ?
 does kafka-configs needs client credentials to do the same ? 
2. Can anyone point us to example commands of kafka-configs to alter the 
sasl.jaas.config property of kafka broker. We do not see any documentation or 
examples for the same.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to