Hi Mohit, I think I've seen your messages on the Kafka list. Have you had a look at the Kafka tests? Perhaps you want to have a look there for an example of how to generate a correct config file. The logs indicate that you indeed have a Client section, but the credentials there don't seem to match what the server expects.
Also, this principal called my attention: krbtgt/[email protected] <mailto:krbtgt/[email protected]>. Are you trying to do cross-realm authentication? Shouldn't they be different in this case? -Flavio > On 15 Jan 2016, at 21:10, Mohit Anchlia <[email protected]> wrote: > > I need help with the following error. I see this error when ZkClient tries > to authenticate with the zookeeper server. In the Kerberos logs I see > tickets being exchanged. I looked at the zookeeper code but couldn't point > to a specific issue. > > [2016-01-15 16:03:55,771] DEBUG Leaving process event > (org.I0Itec.zkclient.ZkClient) > [2016-01-15 16:03:55,772] DEBUG saslClient.evaluateChallenge(len=0) > (org.apache.zookeeper.client.ZooKeeperSaslClient) > [2016-01-15 16:03:55,792] DEBUG Responding to client SASL token. > (org.apache.zookeeper.server.ZooKeeperServer) > [2016-01-15 16:03:55,792] DEBUG Size of client SASL token: 611 > (org.apache.zookeeper.server.ZooKeeperServer) > [2016-01-15 16:03:55,792] ERROR cnxn.saslServer is null: cnxn object did > not initialize its saslServer properly. > (org.apache.zookeeper.server.ZooKeeperServer) > [2016-01-15 16:03:55,793] ERROR SASL authentication failed using login > context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient) > [2016-01-15 16:03:55,793] DEBUG Received event: WatchedEvent > state:AuthFailed type:None path:null (org.I0Itec.zkclient.ZkClient) > -- > > Kerberos logs > > Jan 15 15:39:44 ip-10-241-251-175.us-west-2.compute.internal > krb5kdc[9767](info): AS_REQ (6 etypes {18 17 16 23 1 3}) 10.241.251.217: > ISSUE: authtime 1452890384, etypes {rep=18 tkt=18 ses=18}, kafka/ > [email protected] for krbtgt/[email protected] > Jan 15 15:39:44 ip-10-241-251-175.us-west-2.compute.internal > krb5kdc[9767](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.241.251.217: > ISSUE: authtime 1452890384, etypes {rep=18 tkt=18 ses=18}, kafka/ > [email protected] for zookeeper/[email protected]
