Hello all, we are having issues connecting from NiFi (1.1) to Kafka (0.9) server using ConsumeKafka processor on kerberos enabled cluster. We were able to execute the same process in one environment (dev), but getting below error in test environment.
"Caused by: org.apache.kafka.common.KafkaException:
javax.security.auth.login.LoginException: Could not login: the client is being
asked for a password, but the Kafka client code does not currently support
obtaining a password from the user. Make sure -Djava.security.auth.login.config
property passed to JVM and the client is configured to use a ticket cache
(using the JAAS configuration setting 'useTicketCache=true)'. Make sure you are
using FQDN of the Kafka broker you are trying to connect to. not available to
garner authentication information from the user"
we have updated the bootstrap.conf file to use the correct jaas.conf file
java.arg.15=-Djava.security.auth.login.config=/data/configuration_resources/jaas.conf
updated jaas.conf file to use correct principal and keytab:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/data/configuration_resources/kafka.keytab"
principal="kafka/kafka1.hostname.com@EXAMPLE.COM";
};and updated client.properties file
security.protocol=SASL_PLAINTEXT
sasl.kerberos.service.name=kafka
added krb5.conf info in the nifi.properties file
nifi.kerberos.krb5.file=/data/configuration_resources/krb5.conf
what are the other files/configurations that we have to check to resolve this issue?
