Hi It seems that your keytab doesn't have the principal you configured your "client" section to use. Post your jaas here if you want further help but basically you should be able to do
kinit -V -k -t <your.keytab> <yourzkclient@REALM> On 18 Feb. 2017 3:56 am, "Raghav" <raghavas...@gmail.com> wrote: Hi I am trying to setup a simple setup with one Kafka broker, and zookeeper on the same VM. One producer and one consumer on each VM. I have setup a KDC on cents VM. I am trying to following this guide: http://docs.confluent.io/2.0.0/kafka/sasl.html#kerberos When I start Kafka, it errors out with the following error. Do I need to setup anything on zookeeper side as well to fix these errors ? Thanks. *[2017-02-16 19:05:00,583] WARN Could not login: the client is being asked for a password, but the Zookeeper client code does not currently support obtaining a password from the user. Make sure that the client is configured to use a ticket cache (using the JAAS configuration setting 'useTicketCache=true)' and restart the client. If you still get this message after that, the TGT in the ticket cache has expired and must be manually refreshed. To do so, first determine if you are using a password or a keytab. If the former, run kinit in a Unix shell in the environment of the user who is running this Zookeeper client using the command 'kinit <princ>' (where <princ> is the name of the client's Kerberos principal). If the latter, do 'kinit -k -t <keytab> <princ>' (where <princ> is the name of the Kerberos principal, and <keytab> is the location of the keytab file). After manually refreshing your cache, restart this client. If you continue to see this message after manually refreshing your cache, ensure that your KDC host's clock is in sync with this host's clock. (org.apache.zookeeper.client.ZooKeeperSaslClient)* *[2017-02-16 19:05:00,584] WARN SASL configuration failed: javax.security.auth.login.LoginException: No password provided Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)* *[2017-02-16 19:05:00,585] INFO Opening socket connection to server kafka2.example.com/172.26.230.67:2181 <http://kafka2.example.com/172.26.230.67:2181> (org.apache.zookeeper.ClientCnxn)* *[2017-02-16 19:05:00,585] INFO zookeeper state changed (AuthFailed) (org.I0Itec.zkclient.ZkClient)* *[2017-02-16 19:05:00,586] INFO Terminate ZkClient event thread. (org.I0Itec.zkclient.ZkEventThread)* *[2017-02-16 19:05:00,591] INFO Socket connection established to kafka2.example.com/172.26.230.67:2181 <http://kafka2.example.com/172.26.230.67:2181>, initiating session (org.apache.zookeeper.ClientCnxn)* *[2017-02-16 19:05:00,597] INFO Session establishment complete on server kafka2.example.com/172.26.230.67:2181 <http://kafka2.example.com/172.26.230.67:2181>, sessionid = 0x15a4a0678610002, negotiated timeout = 6000 (org.apache.zookeeper.ClientCnxn)* *[2017-02-16 19:05:00,599] INFO Session: 0x15a4a0678610002 closed (org.apache.zookeeper.ZooKeeper)* *[2017-02-16 19:05:00,599] FATAL Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)* *org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure* * at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946)* * at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923)* * at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230)* * at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156)* * at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130)* * at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:76)* * at kafka.utils.ZkUtils$.apply(ZkUtils.scala:58)* * at kafka.server.KafkaServer.initZk(KafkaServer.scala:327)* * at kafka.server.KafkaServer.startup(KafkaServer.scala:200)* * at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:39)* * at kafka.Kafka$.main(Kafka.scala:67)* * at kafka.Kafka.main(Kafka.scala)* -- Raghav
