Hello,   Did you find a fix to this. I am currently struggling with a similar situation. I have a haproxy LB in between but it breaks the kerberos authentication. Any advise would be very helpful. ... View more

Hi,  How would this work when i have a LB in between. I have haproxy in between so that I can use a single DNS name to refer to all the brokers instead of specifying the broker list. More so that we can increase/decrease the number of brokers transparent to the client. I tried the the LB name , but I get a kerberos error. Please help me on this. ================================================================= [2020-03-13 13:51:56,482] ERROR [Consumer clientId=consumer-1, groupId=console-consumer-40177] Connection to node -1 (hkhkos209.sg.flowtraders.local/10.85.168.75:9092) failed authentication due to: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]) occurred when evaluating SASL token received from the Kafka Broker. This may be caused by Java's being unable to resolve the Kafka Broker's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Users must configure FQDN of kafka brokers when authenticating using SASL and `socketChannel.socket().getInetAddress().getHostName()` must match the hostname in `principal/hostname@realm` Kafka Client will go to AUTHENTICATION_FAILED state. (org.apache.kafka.clients.NetworkClient) [2020-03-13 13:51:56,484] ERROR Error processing message, terminating consumer process: (kafka.tools.ConsoleConsumer$) org.apache.kafka.common.errors.SaslAuthenticationException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]) occurred when evaluating SASL token received from the Kafka Broker. This may be caused by Java's being unable to resolve the Kafka Broker's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Users must configure FQDN of kafka brokers when authenticating using SASL and `socketChannel.socket().getInetAddress().getHostName()` must match the hostname in `principal/hostname@realm` Kafka Client will go to AUTHENTICATION_FAILED state. Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))] ================================================================= ... View more