kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Subash Konar <subashkona...@gmail.com>
Subject Re: Kerberos ticket fails to renew
Date Mon, 10 Sep 2018 17:22:56 GMT
Hi Ashok,

Did you tried to configure krb5.conf and krb5JAASLogin.conf files?

Thanks,
Subash

On Mon, Sep 10, 2018 at 7:19 PM AshokKumar J <ashokkumar.js@gmail.com>
wrote:

> When the Kafka stream app is started, the following jaas file is being
> used. However, the tickets are not being renewed automatically by the
> stream application. It fails with the exception below after the ticket
> expires. What should we do to keep the Kerberos ticket automatically
> renewed?
>
> KafkaClient {
> com.sun.security.auth.module.Krb5LoginModule required
> doNotPrompt=true
> useTicketCache=true
> principal="astvy@DEV.ACM.COM"
> useKeyTab=true
> serviceName="kafka"
> keyTab="/home/astvy/astvy.headless.keytab"
> renewTGT=true
> client=true;
> };
>
> Error
>
> Abort sending since an error caught with a previous record (key ED1812
> value org.cox.model.HourlyUnit@83e6c99 timestamp 1536165112061) to
> topic dub_hourlyunit_source1 due to
> org.apache.kafka.common.errors.SaslAuthenticationException:
> An error: (java.security.PrivilegedActionException:
> javax.security.sasl.SaslException:
> GSS initiate failed [Caused by GSSException: No valid credentials
> provided (Mechanism level: Failed to find any Kerberos tgt)]) occurred
> when evaluating SASL token received from the Kafka Broker.
> Kafka Client will go to AUTHENTICATION_FAILED state.
>


-- 
Thanks and Regards,
Subash Konar

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message