We would like to be able to authenticate users to our kafka cluster with simple username/password.
We installed HDF-3.0.1.1 Kafka, kerberized the cluster, installed ranger + kafka-plugin and added a user 'test'.
We set
sasl.enabled.mechanisms=GSSAPI, PLAIN
sasl.mechanism.inter.broker.protocol=GSSAPI
in kafka server.properties to allow the cluster to use kerberos and clients to use PLAIN authentication.
But this does not work.
The console-producer logs
INFO Successfully logged in. (org.apache.kafka.common.security.authenticator.AbstractLogin)
and after a while:
ERROR Error when sending message to topic testtopic2 with key: null, value: 28 bytes with error: (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback)
org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 60000 ms.
INFO Closing the Kafka producer with timeoutMillis = 9223372036854775807 ms. (org.apache.kafka.clients.producer.KafkaProducer)
In the meantime it continuously tries to connect to the kafka hosts.
The producer properties are:
sasl.mechanism=PLAIN
security.protocol=SASL_PLAINTEXT
and our kafka_client_jaas.conf look like this:
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="test"
password="XXXXXXXXX";
};
What is going wrong here or is it simply not possible to use username/password authentication with the kafka ranger plugin?
Kind Regards
Peter