Hi, I am trying to authenticate with "super" user - admin as per the above configuration. Is this possible with only "SASL_SSL" listeners? Or should I have a "PLAIN" listener as well to authenticate with super user account?

Thanks

On Thu, Aug 29, 2019 at 8:43 PM Antony A <[email protected]> wrote:

> Hi,
>
> I have configured the brokers and zookeepers as below to enable SSL and
> authentication with SASL/Kerberos. I have tried with and without
> advertised.listeners, advertised.host.name, host.name, port.
>
> *server.properties*
>
> listeners=SASL_SSL://<hostname>:9092
> advertised.listeners=SASL_SSL://<hostname>:9092
>
> advertised.host.name=<hostname>
> host.name=<hostname>
> port=9092
>
> ssl.truststore.location=kafka.server.truststore.jks
> ssl.truststore.password=password
> ssl.keystore.location=kafka.server.keystore.jks
> ssl.keystore.password=password
> ssl.key.password=password
>
> security.inter.broker.protocol=SASL_SSL
> sasl.mechanism.inter.broker.protocol=GSSAPI
> sasl.enabled.mechanisms=GSSAPI
> sasl.kerberos.service.name=HTTP
>
> allow.everyone.if.no.acl.found=true
>
> zookeeper.set.acl=true
> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
> super.users=User:kafka;User:admin
>
> *zookeeper.properties*
>
> authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
> requireClientAuthScheme=sasl
> jaasLoginRenew=3600000
>
> quorum.auth.enableSasl=true
> quorum.auth.learnerRequireSasl=true
> quorum.auth.serverRequireSasl=true
> quorum.auth.learner.loginContext=QuorumLearner
> quorum.auth.server.loginContext=QuorumServer
> quorum.cnxn.threads.size=20
>
> I have all the brokers and zookeepers configured similarly except for the
> hostname.
>
> Unfortunately I am unable to run my client. Below is error with consumer
>
> kafkacat -b <hostname> -P -X security.protocol=SASL_SSL -X
> sasl.mechanisms=GSSAPI -X sasl.kerberos.keytab=krb5.keytab -X
> sasl.kerberos.service.name=HTTP -X
> sasl.kerberos.principal=HTTP/<hostname>/<domain> -t test -C
>
> % ERROR: Topic test error: Broker: Leader not available
>
> Any suggestions?
>
> Thanks
> AA
>
