kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rumney, Owen (HARVEY NASH)" <Owen.Rumn...@bp.com>
Subject SASL/PLAIN text
Date Thu, 02 Mar 2017 10:08:38 GMT
Hi

I've got a 3 broker kerberised Kafka 0.10 install running in Cloudera and I'm trying to authenticate
with SASL/PLAIN

I'm passing kafka_server_jaas.conf into the JVM on each of the brokers.


KafkaServer {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username=admin
  password=password1
  user_admin=password1
  user_remote=password1;
};

My server.properties (or kafka.properties as Cloudera renames it) is set as below;


listeners=SASL_SSL://10.10.3.47:9093 # ip set for each broker
advertised.listeners=SASL_SSL://10.10.3.47:9093 # ip set for each broker
sasl.enabled.mechanisms=GSSAPI,PLAIN
security.inter.broker.protocol=SASL_SSL
sasl.mechanism.inter.broker.protocol=GSSAPI

When Kafka starts up, the inter-broker communication is all fine, but when I try to connect
using the console producer I get a Timeout failed to update metadata


bin/kafka-consolproducer --broker-list 10.10.3.161:9093 --topic test1 --producer.config client.properties.plain

client.properties.plain is set to


security.protocol=SASL_SSL
sasl.mechanism=PLAIN

finally, the client side jaas.conf


KafkaClient {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="remote"
        password="password1";
};

As far as I can tell I've followed all instructions correctly, can anyone see anything wrong?

Thanks,
Owen

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message