
Getting warning when running Kafka in kerberized cluster HDP2.5


My publisher and subscriber are working fine, but I am getting this warning on subscription:

[root@hadoop1 ~]# kafka-console-consumer.sh --zookeeper hadoop1:2181 --topic mytopic --from-beginning --security-protocol SASL_PLAINTEXT
[2017-08-16 12:33:12,956] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,101] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,120] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,375] WARN The TGT cannot be renewed beyond the next expiry date: Thu Aug 17 11:51:54 EDT 2017.This process will not be able to authenticate new SASL connections after that time (for example, it will not be able to authenticate a new connection with a Kafka Broker).  Ask your system administrator to either increase the 'renew until' time by doing : 'modprinc -maxrenewlife null ' within kadmin, or instead, to generate a keytab for null. Because the TGT's expiry cannot be further extended by refreshing, exiting refresh thread now. (org.apache.kafka.common.security.kerberos.KerberosLogin)
[2017-08-16 12:33:13,388] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
{metadata.broker.list=hadoop1:6667, request.timeout.ms=30000, client.id=console-consumer-17860, security.protocol=SASL_PLAINTEXT}
testing kafka messages under kerberos ..Sami aug'17
this is the second line from the publisher

2 REPLIES


@Sami Ahmad

Please check the URLs below:

https://community.hortonworks.com/questions/78843/problems-with-kafka-scripts-after-enabled-kerberos...

https://community.hortonworks.com/content/supportkb/49422/running-kafka-client-bin-scripts-in-secure...

Also check if you have a valid Kerberos ticket. If you use kinit, use this configuration.

KafkaClient {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache=true;
};

If you use a keytab, use this configuration:

KafkaClient {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/etc/security/keytabs/kafka_server.keytab"
    principal="kafka/kafka1.hostname.com@EXAMPLE.COM";
};
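
The warning in the question names a missing 'Client' section, which is the section the ZooKeeper client looks up by default, while 'KafkaClient' is the one the Kafka SASL client uses. As an added example (not part of the original thread), this Python script parses a JAAS file and reports which of the two sections is absent; the function names and sample file contents are constructed for illustration.

```python
import re

# Default JAAS section names: Kafka's SASL client logs in with "KafkaClient";
# the ZooKeeper client used by --zookeeper logs in with "Client".
REQUIRED = ("KafkaClient", "Client")

SECTION_RE = re.compile(r"(\w+)\s*\{(.*?)\}\s*;", re.S)
OPTION_RE = re.compile(r'(\w+)\s*=\s*("([^"]*)"|[^\s;]+)')

def parse_jaas(text):
    """Map section name -> {'module', 'options'} (first login module only)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # strip /* ... */
    text = re.sub(r"(?m)^\s*//.*$", "", text)          # strip // lines
    sections = {}
    for name, body in SECTION_RE.findall(text):
        words = body.split()
        # Quoted values lose their quotes; bare values are kept as written.
        options = {k: (quoted if raw.startswith('"') else raw)
                   for k, raw, quoted in OPTION_RE.findall(body)}
        sections[name] = {
            "module": words[0] if words else None,
            "options": options,
        }
    return sections

def audit(text):
    """Return findings that explain SASL login warnings for this file."""
    sections = parse_jaas(text)
    findings = []
    for name in REQUIRED:
        if name not in sections:
            # ZooKeeper falls back to an unauthenticated session in this case.
            findings.append(f"missing section '{name}'")
            continue
        opts = sections[name]["options"]
        if "true" not in (opts.get("useKeyTab"), opts.get("useTicketCache")):
            findings.append(f"'{name}': no keytab or ticket cache enabled")
    return findings

# Constructed sample: the ticket-cache snippet from the reply, on its own.
ONLY_KAFKA = """KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true;
};
"""
# Constructed sample: same file with a matching "Client" section appended.
WITH_CLIENT = ONLY_KAFKA + ONLY_KAFKA.replace("KafkaClient", "Client")

if __name__ == "__main__":
    for label, text in (("only KafkaClient", ONLY_KAFKA), ("with Client", WITH_CLIENT)):
        print(label, "->", audit(text) or "ok")
```

Run against the file named in the warning, a "missing section 'Client'" finding corresponds to the ZooKeeper connection proceeding without SASL authentication.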
