
Error connecting zookeeper with SASL

Open vgaur opened this issue 4 years ago • 2 comments

My zookeeper is running fine and is able to authenticate against Kerberos. When I am starting Kafka it's throwing an error:

    >>>KRBError:
         cTime is Sat Mar 10 17:15:26 UTC 1973 100631726000
         sTime is Sat Mar 28 22:12:06 UTC 2020 1585433526000
         suSec is 34884
         error code is 7
         error Message is Server not found in Kerberos database
         cname is zkclient/[email protected]
         sname is zookeeper/[email protected]
         msgType is 30
    KrbException: Server not found in Kerberos database (7) - UNKNOWN_SERVER
        at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
        at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
        at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
        at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
        at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
        at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
        at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
        at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
        at org.apache.zookeeper.client.ZooKeeperSaslClient$1.run(ZooKeeperSaslClient.java:323)
        at org.apache.zookeeper.client.ZooKeeperSaslClient$1.run(ZooKeeperSaslClient.java:320)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:320)
        at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:305)
        at org.apache.zookeeper.client.ZooKeeperSaslClient.sendSaslPacket(ZooKeeperSaslClient.java:377)
        at org.apache.zookeeper.client.ZooKeeperSaslClient.initialize(ZooKeeperSaslClient.java:415)
        at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1149)
    Caused by: KrbException: Identifier doesn't match expected value (906)
        at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
        at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
        at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
        at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)

If you see the line in the log

    cname is zkclient/[email protected] sname is zookeeper/[email protected]

I think this is causing the problem.

I can see the following error in Kerberos:

    TGS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: UNKNOWN_SERVER: authtime 0, zkclient/[email protected] for zookeeper/[email protected], Server not found in Kerberos database

I am not sure why it's taking localhost, and how to resolve this.

vgaur, Mar 28 '20 22:03

@vgaur, I am facing a similar issue. Were you able to resolve this issue?

praveenvkumar21, Jun 05 '20 17:06

I could resolve the issue but got away by creating the principal as zookeeper/[email protected]

vgaur, Jul 25 '20 13:07
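
An added diagnostic sketch, not code from this thread or from the cp-docker-images project: it reads KDC log lines of the shape quoted in the issue, collects every service principal rejected with UNKNOWN_SERVER, and lists the principals the KDC does hold for the same service name and realm, which shows whether the failure is a host-part mismatch. The host names, the realm, the sample log lines and the principal list (as you would copy it from your KDC's principal listing) are constructed placeholders.

```python
import re

# KDC log shape quoted in the issue:
#   TGS_REQ (...) <ip>: UNKNOWN_SERVER: authtime 0, <client> for <server>, <message>
TGS_UNKNOWN = re.compile(
    r"TGS_REQ \([^)]*\) \S+: UNKNOWN_SERVER: authtime \d+,\s+"
    r"(?P<client>\S+) for (?P<server>\S+), "
)

def split_principal(name):
    """Split 'primary/instance@REALM' into (primary, instance, realm)."""
    body, sep, realm = name.rpartition("@")
    if not sep:                      # no realm part present
        body, realm = name, ""
    primary, _, instance = body.partition("/")
    return primary, instance, realm

def diagnose(kdc_log_lines, known_principals):
    """Return one finding per distinct service principal the KDC rejected."""
    findings = {}
    for line in kdc_log_lines:
        m = TGS_UNKNOWN.search(line)
        if not m:
            continue
        server = m.group("server")
        primary, _, realm = split_principal(server)
        # Same service name and realm but a different host part: the client
        # asked for a name built from a hostname the KDC has no entry for.
        registered = sorted(
            p for p in known_principals
            if p != server and split_principal(p)[::2] == (primary, realm)
        )
        entry = findings.setdefault(
            server, {"requested": server, "clients": set(), "registered": registered}
        )
        entry["clients"].add(m.group("client"))
    return list(findings.values())

# Constructed sample data: hosts and realm are placeholders, not values from the issue.
SAMPLE_LOG = [
    "Mar 28 22:12:06 kdc krb5kdc[31](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1585433526, etypes {rep=18 tkt=18 ses=18}, zkclient/broker1.example.test@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST",
    "Mar 28 22:12:06 kdc krb5kdc[31](info): TGS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: UNKNOWN_SERVER: authtime 0,  zkclient/broker1.example.test@EXAMPLE.TEST for zookeeper/localhost@EXAMPLE.TEST, Server not found in Kerberos database",
]
SAMPLE_PRINCIPALS = ["zookeeper/zk1.example.test@EXAMPLE.TEST", "zkclient/broker1.example.test@EXAMPLE.TEST"]

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG, SAMPLE_PRINCIPALS):
        print(f["requested"], "requested; KDC has:", f["registered"] or "nothing for this service")
```

A non-empty `registered` list means the service exists in the KDC under a different host part; either register the requested name, as the last comment did, or have the client connect with a hostname that matches a registered principal.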