Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Zookeeper SASL Client AUTH_FAILED state

Highlighted

Zookeeper SASL Client AUTH_FAILED state

Explorer

i have share most of the details over the Zookeeper Apache issues

https://issues.apache.org/jira/browse/ZOOKEEPER-3576

 

Could somebody please throw somelights on it

4 REPLIES 4

Re: Zookeeper SASL Client AUTH_FAILED state

Mentor

@Johnny_Bach 

Can you confirm if this is still an open issue?

Re: Zookeeper SASL Client AUTH_FAILED state

Explorer

@Shelton yes it is still open

Re: Zookeeper SASL Client AUTH_FAILED state

Mentor

@Johnny_Bach 

 

I had a look at your open Jira, I have some reservations about your krb5.conf entry, I guess your redacted your real realm name with COMPANY.COM can you replace your entry as follows

 

[domain_realm]
kafka-d1.eng.company.com = COMPANY.COM

 

With the below entry ensure it's well indented. Note the first entry with a  dot (.) and lower case

[domain_realm]
            .company.com = COMPANY.COM
            company.com = COMPANY.COM

 

Your kdc.conf  and kadm5.acl  expected formats

 

[realms]
  COMPANY.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
   admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
   supported_enctypes = [chaine_of_encryption_types]
}

 

kadm5.acl

 

*/admin@ COMPANY.COM       *

 

After the above changes restart the KDC and Kadmin  and revert with logs 

 

Re: Zookeeper SASL Client AUTH_FAILED state

Mentor

@Johnny_Bach 

 

Hello there your zookeeper issue is your still open? 

Don't have an account?
Coming from Hortonworks? Activate your account here