Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Getting error in PublishKafka Processor NIFI

Solved Go to solution

Getting error in PublishKafka Processor NIFI

Contributor

Hi Team,

Our cluster is secured by Kerberos and Ranger. In PublishKafka processor properties we are using security protocol as SASL_PLAINTEXT.

We are getting following error in nifi-app.log when we run PublishKafka processor:

Caused by: org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. Make sure -Djava.security.auth.login.config property passed to JVM and the client is configured to use a ticket cache (using the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using FQDN of the Kafka broker you are trying to connect to. not available to garner  authentication information from the user
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:74)
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:60)
        at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:79)
        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:271)
        ... 16 common frames omitted
Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. Make sure -Djava.security.auth.login.config property passed to JVM and the client is configured to use a ticket cache (using the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using FQDN of the Kafka broker you are trying to connect to. not available to garner  authentication information from the user
        at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:940)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
        at sun.reflect.GeneratedMethodAccessor552.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
        at org.apache.kafka.common.security.kerberos.Login.login(Login.java:298)
        at org.apache.kafka.common.security.kerberos.Login.<init>(Login.java:104)
        at org.apache.kafka.common.security.kerberos.LoginManager.<init>(LoginManager.java:44)
        at org.apache.kafka.common.security.kerberos.LoginManager.acquireLoginManager(LoginManager.java:85)
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:55)

Given are the content of jass config:

Client {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/etc/security/keytabs/nifi.service.keytab"
  useTicketCache=true
  principal="nifi/usdf.test.com@CORP.TEST.INT";
};
KafkaClient {
   com.sun.security.auth.module.Krb5LoginModule required
   renewTicket=true
   serviceName="kafka"
   useKeyTab=true
   useTicketCache=true
   keyTab="/etc/security/keytabs/nifi.service.keytab"
   principal="nifi/usdf.test.com@CORP.TEST.INT";
};

How to resolve it? Please suggest.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Getting error in PublishKafka Processor NIFI

Contributor

Resolved issue by copying 'nifi.service.keytab' in different location and giving 644 access to this keytab file.

1 REPLY 1
Highlighted

Re: Getting error in PublishKafka Processor NIFI

Contributor

Resolved issue by copying 'nifi.service.keytab' in different location and giving 644 access to this keytab file.