Kafka加Kerberos认证后,执行命令行报:Authentication failure

云计算 waitig 1192℃ 百度已收录 0评论

错误信息如下:

[kafka@c2bde02 bin]$ ./kafka-topics.sh –list –zookeeper 172.17.76.2:2181

[2017-11-07 14:25:46,940] ERROR An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) – LOOKING_UP_SERVER)])
occurred when evaluating Zookeeper Quorum Member’s  received SASL token. Zookeeper Client will go to AUTH_FAILED state. (org.apache.zookeeper.client.ZooKeeperSaslClient)
[2017-11-07 14:25:46,941] ERROR SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No
valid credentials provided (Mechanism level: Server not found in Kerberos database (7) – LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member’s  received SASL token. Zookeeper Client will go to AUTH_FAILED state. (org.apache.zookeeper.ClientCnxn)
Exception in thread "main" org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure
at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:946)
at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:923)
at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1230)
at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:156)
at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:130)
at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:76)
at kafka.utils.ZkUtils$.apply(ZkUtils.scala:58)
at kafka.admin.TopicCommand$.main(TopicCommand.scala:53)
at kafka.admin.TopicCommand.main(TopicCommand.scala)

解决办法:

修改后kafa-topics.sh内容如下:

# cat kafka-topics.sh

# check if kafka_jaas.conf in config , only enable client_kerberos_params in secure mode.
KAFKA_HOME="$(dirname $(cd "$( dirname "${BASH_SOURCE[0]}")" && pwd ))"
KAFKA_JAAS_CONF=$KAFKA_HOME/config/kafka_jaas.conf
if[-f $KAFKA_JAAS_CONF];then
export KAFKA_CLIENT_KERBEROS_PARAMS="-Djava.security.auth.login.config=$KAFKA_HOME/config/kafka_client_jaas.conf"
fi

 
exec $(dirname $0)/kafka-run-class.sh kafka.admin.TopicCommand"$@"

然后再执行:
# su kafka
# kinit -kt /etc/security/keytabs/kafka.service.keytab kafka/c2bde02

#./kafka-topics.sh –list –zookeeper 172.17.76.2:2181


本文由【waitig】发表在等英博客
本文固定链接:Kafka加Kerberos认证后,执行命令行报:Authentication failure
欢迎关注本站官方公众号,每日都有干货分享!
等英博客官方公众号
点赞 (0)分享 (0)