Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

getting warning when running Kafka in kerborized cluster HDP2.5

avatar
author-rank aliyesami
Super Collaborator

Created ‎08-16-2017 04:47 PM

my publisher and subscriber are working fine but I am getting this warning on subscription 

[root@hadoop1 ~]# kafka-console-consumer.sh --zookeeper hadoop1:2181 --topic mytopic --from-beginning --security-protocol SASL_PLAINTEXT
[2017-08-16 12:33:12,956] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,101] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,120] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
[2017-08-16 12:33:13,375] WARN The TGT cannot be renewed beyond the next expiry date: Thu Aug 17 11:51:54 EDT 2017.This process will not be able to authenticate new SASL connections after that time (for example, it will not be able to authenticate a new connection with a Kafka Broker).  Ask your system administrator to either increase the 'renew until' time by doing : 'modprinc -maxrenewlife null ' within kadmin, or instead, to generate a keytab for null. Because the TGT's expiry cannot be further extended by refreshing, exiting refresh thread now. (org.apache.kafka.common.security.kerberos.KerberosLogin)
[2017-08-16 12:33:13,388] WARN SASL configuration failed: javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
{metadata.broker.list=hadoop1:6667, request.timeout.ms=30000, client.id=console-consumer-17860, security.protocol=SASL_PLAINTEXT}
testing kafka messages under kerberos ..Sami aug'17
this is the second line from the publisher
14,552 Views
0 Kudos
2 REPLIES 2

avatar
author-rank nshelke author-rank
Guru

Created ‎08-16-2017 06:33 PM

@Sami Ahmad

Please check below URL's

https://community.hortonworks.com/questions/78843/problems-with-kafka-scripts-after-enabled-kerberos...

https://community.hortonworks.com/content/supportkb/49422/running-kafka-client-bin-scripts-in-secure...

Also check if you have a valid Kerberos ticket. If you use kinit, use this configuration.

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true;
};
If you use keytab, use this configuration:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/etc/security/keytabs/kafka_server.keytab"
principal="kafka/kafka1.hostname.com@EXAMPLE.COM";
};
8,873 Views

avatar
author-rank nshelke author-rank
Guru

Created ‎08-16-2017 06:40 PM

@Sami Ahmad

Check below article for this,

https://community.hortonworks.com/articles/56704/secure-kafka-java-producer-with-kerberos.html

8,873 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements