我使用的是最新版本的Kafka,在通过sasl\u明文将我的消费者/生产者(控制台)客户机连接到Kafka代理时遇到了暂时的问题。
这是我的jaas配置文件
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true;
};
下面是我要传递的java属性:
-Djavax.security.auth.useSubjectCredsOnly=false
-Dsecurity.protocol=SASL_PLAINTEXT
-Dsasl.kerberos.service.name=HTTP
-Dsasl.mechanism=GSSAPI
这是我得到的一个例外:
Caused by: org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:127)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:140)
at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:65)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:88)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:710)
... 33 more
Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:940)
谁能帮帮我吗。
2条答案
按热度按时间cbwuti441#
我想建议你的一些选择,
列出当前兑现的keytab中的所有原则,并检查它们是否正确。
如果您试图使用Kafka以外的任何原则对主题进行任何更改,则该操作将失败。set-dsasl.kerberos.service.name=kafka
尝试设置
export KAFKA_OPTS="-Djava.security.auth.login.config=/path/to/jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf -Dsun.security.krb5.debug=true"
如果您使用的是控制台生产者/消费者,则需要提供生产者配置/消费者配置。在producer.properties或consumer.properties中配置以下属性。security.protocol=SASL_PLAINTEXT (or SASL_SSL) sasl.mechanism=GSSAPI (or PLAIN)
对控制台使用者使用如下命令kafka-console-consumer --bootstrap-server host:9092 --consumer.config /path/to/consumer.properties --topic Topic
希望这能有所帮助:)d7v8vwbk2#
jaas文件中缺少principal和keytab。
看到了吗https://kafka.apache.org/documentation/#security_sasl_kerberos