Kafka启用多个机制进行权限校验,Kerberos校验成功,但是SCRAM和PLAIN报错
kafka
Kafka启用多个机制进行权限校验,Kerberos校验成功,但是SCRAM和PLAIN报错
Server端日志:
2021-01-13 09:13:58,985 WARN org.apache.kafka.common.network.Selector: [SocketServer brokerId=30] Unexpected error from /172.18.30.151; closing connection
java.lang.NullPointerException
at org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.handleSaslToken(SaslServerAuthenticator.java:450)
at org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.authenticate(SaslServerAuthenticator.java:290)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:173)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:547)
at org.apache.kafka.common.network.Selector.poll(Selector.java:483)
at kafka.network.Processor.poll(SocketServer.scala:830)
at kafka.network.Processor.run(SocketServer.scala:730)
at java.lang.Thread.run(Thread.java:748)
kafka_server_jaas.conf
KafkaServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="kafka"
password="123456";
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafka"
password="123456"
user_kafka="123456";
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
useKeyTab=true
storeKey=true
useTicketCache=true
keyTab="/etc/kafka/kafka.keytab"
principal="kafka@HADOOP.COM";
};
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=true
keyTab="/etc/kafka/kafka.keytab"
principal="kafka@HADOOP.COM";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=true
keyTab="/etc/kafka/kafka.keytab"
principal="kafka@HADOOP.COM";
};
client_jaas.conf
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="kafka"
password="123456";
};
但是输出命令报错
kafka-console-producer --broker-list cdh-test01:9092 --producer-property security.protocol=SASL_PLAINTEXT --producer-property sasl.mechanism=PLAIN --topic testAcl