Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

getting warning when running Kafka in kerborized cluster HDP2.5

Highlighted

getting warning when running Kafka in kerborized cluster HDP2.5

Master Collaborator

my publisher and subscriber are working fine but I am getting this warning on subscription

[root@hadoop1 ~]# kafka-console-consumer.sh --zookeeper hadoop1:2181 --topic mytopic --from-beginning --security-protocol SASL_PLAINTEXT
[2017-08-16 12:33:12,956] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,101] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,120] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,375] WARN The TGT cannot be renewed beyond the next expiry date: Thu Aug 17 11:51:54 EDT 2017.This process will not be able to authenticate new SASL connections after that time (for example, it will not be able to authenticate a new connection with a Kafka Broker).  Ask your system administrator to either increase the 'renew until' time by doing : 'modprinc -maxrenewlife null ' within kadmin, or instead, to generate a keytab for null. Because the TGT's expiry cannot be further extended by refreshing, exiting refresh thread now. (org.apache.kafka.common.security.kerberos.KerberosLogin)
[2017-08-16 12:33:13,388] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
{metadata.broker.list=hadoop1:6667, request.timeout.ms=30000, client.id=console-consumer-17860, security.protocol=SASL_PLAINTEXT}
testing kafka messages under kerberos ..Sami aug'17
this is the second line from the publisher

2 REPLIES 2

Re: getting warning when running Kafka in kerborized cluster HDP2.5

@Sami Ahmad

Please check below URL's

https://community.hortonworks.com/questions/78843/problems-with-kafka-scripts-after-enabled-kerberos...

https://community.hortonworks.com/content/supportkb/49422/running-kafka-client-bin-scripts-in-secure...

Also check if you have a valid Kerberos ticket. If you use kinit, use this configuration.

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true;
};
If you use keytab, use this configuration:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/etc/security/keytabs/kafka_server.keytab"
principal="kafka/kafka1.hostname.com@EXAMPLE.COM";
};

Re: getting warning when running Kafka in kerborized cluster HDP2.5

Don't have an account?
Coming from Hortonworks? Activate your account here