This is the default principal in kds that I have my jaas file configured to use. The interesting point is that I see ticket exchange taking place successfully and yet I get a cnxn error.
On Sat, Jan 16, 2016 at 5:51 AM, Flavio Junqueira <[email protected]> wrote: > Hi Mohit, > > I think I've seen your messages on the Kafka list. Have you had a look at > the Kafka tests? Perhaps you want to have a look there for an example of > how to generate a correct config file. The logs indicate that you indeed > have a Client section, but the credentials there don't seem to match what > the server expects. > > Also, this principal called my attention: krbtgt/[email protected] > <mailto:krbtgt/[email protected]>. Are you trying to do cross-realm > authentication? Shouldn't they be different in this case? > > -Flavio > > > On 15 Jan 2016, at 21:10, Mohit Anchlia <[email protected]> wrote: > > > > I need help with the following error. I see this error when ZkClient > tries > > to authenticate with the zookeeper server. In the Kerberos logs I see > > tickets being exchanged. I looked at the zookeeper code but couldn't > point > > to a specific issue. > > > > [2016-01-15 16:03:55,771] DEBUG Leaving process event > > (org.I0Itec.zkclient.ZkClient) > > [2016-01-15 16:03:55,772] DEBUG saslClient.evaluateChallenge(len=0) > > (org.apache.zookeeper.client.ZooKeeperSaslClient) > > [2016-01-15 16:03:55,792] DEBUG Responding to client SASL token. > > (org.apache.zookeeper.server.ZooKeeperServer) > > [2016-01-15 16:03:55,792] DEBUG Size of client SASL token: 611 > > (org.apache.zookeeper.server.ZooKeeperServer) > > [2016-01-15 16:03:55,792] ERROR cnxn.saslServer is null: cnxn object did > > not initialize its saslServer properly. > > (org.apache.zookeeper.server.ZooKeeperServer) > > [2016-01-15 16:03:55,793] ERROR SASL authentication failed using login > > context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient) > > [2016-01-15 16:03:55,793] DEBUG Received event: WatchedEvent > > state:AuthFailed type:None path:null (org.I0Itec.zkclient.ZkClient) > > -- > > > > Kerberos logs > > > > Jan 15 15:39:44 ip-10-241-251-175.us-west-2.compute.internal > > krb5kdc[9767](info): AS_REQ (6 etypes {18 17 16 23 1 3}) 10.241.251.217: > > ISSUE: authtime 1452890384, etypes {rep=18 tkt=18 ses=18}, kafka/ > > [email protected] for krbtgt/[email protected] > > Jan 15 15:39:44 ip-10-241-251-175.us-west-2.compute.internal > > krb5kdc[9767](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.241.251.217 > : > > ISSUE: authtime 1452890384, etypes {rep=18 tkt=18 ses=18}, kafka/ > > [email protected] for zookeeper/[email protected] > >
