kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From AshokKumar J <ashokkumar...@gmail.com>
Subject Kerberos ticket fails to renew
Date Mon, 10 Sep 2018 13:49:03 GMT
When the Kafka stream app is started, the following jaas file is being
used. However, the tickets are not being renewed automatically by the
stream application. It fails with the exception below after the ticket
expires. What should we do to keep the Kerberos ticket automatically
renewed?

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useTicketCache=true
principal="astvy@DEV.ACM.COM"
useKeyTab=true
serviceName="kafka"
keyTab="/home/astvy/astvy.headless.keytab"
renewTGT=true
client=true;
};

Error

Abort sending since an error caught with a previous record (key ED1812
value org.cox.model.HourlyUnit@83e6c99 timestamp 1536165112061) to
topic dub_hourlyunit_source1 due to
org.apache.kafka.common.errors.SaslAuthenticationException:
An error: (java.security.PrivilegedActionException:
javax.security.sasl.SaslException:
GSS initiate failed [Caused by GSSException: No valid credentials
provided (Mechanism level: Failed to find any Kerberos tgt)]) occurred
when evaluating SASL token received from the Kafka Broker.
Kafka Client will go to AUTHENTICATION_FAILED state.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message