zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Flavio Junqueira <...@apache.org>
Subject Re: Sasl error
Date Sat, 16 Jan 2016 13:51:21 GMT
Hi Mohit,

I think I've seen your messages on the Kafka list. Have you had a look at the Kafka tests?
Perhaps you want to have a look there for an example of how to generate a correct config file.
The logs indicate that you indeed have a Client section, but the credentials there don't seem
to match what the server expects.

Also, this principal called my attention: krbtgt/EXAMPLE.COM@EXAMPLE.COM <mailto:krbtgt/EXAMPLE.COM@EXAMPLE.COM>.
Are you trying to do cross-realm authentication? Shouldn't they be different in this case?

-Flavio

> On 15 Jan 2016, at 21:10, Mohit Anchlia <mohitanchlia@gmail.com> wrote:
> 
> I need help with the following error. I see this error when ZkClient tries
> to authenticate with the zookeeper server. In the Kerberos logs I see
> tickets being exchanged. I looked at the zookeeper code but couldn't point
> to a specific issue.
> 
> [2016-01-15 16:03:55,771] DEBUG Leaving process event
> (org.I0Itec.zkclient.ZkClient)
> [2016-01-15 16:03:55,772] DEBUG saslClient.evaluateChallenge(len=0)
> (org.apache.zookeeper.client.ZooKeeperSaslClient)
> [2016-01-15 16:03:55,792] DEBUG Responding to client SASL token.
> (org.apache.zookeeper.server.ZooKeeperServer)
> [2016-01-15 16:03:55,792] DEBUG Size of client SASL token: 611
> (org.apache.zookeeper.server.ZooKeeperServer)
> [2016-01-15 16:03:55,792] ERROR cnxn.saslServer is null: cnxn object did
> not initialize its saslServer properly.
> (org.apache.zookeeper.server.ZooKeeperServer)
> [2016-01-15 16:03:55,793] ERROR SASL authentication failed using login
> context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient)
> [2016-01-15 16:03:55,793] DEBUG Received event: WatchedEvent
> state:AuthFailed type:None path:null (org.I0Itec.zkclient.ZkClient)
> --
> 
> Kerberos logs
> 
> Jan 15 15:39:44 ip-10-241-251-175.us-west-2.compute.internal
> krb5kdc[9767](info): AS_REQ (6 etypes {18 17 16 23 1 3}) 10.241.251.217:
> ISSUE: authtime 1452890384, etypes {rep=18 tkt=18 ses=18}, kafka/
> 10.241.251.217@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
> Jan 15 15:39:44 ip-10-241-251-175.us-west-2.compute.internal
> krb5kdc[9767](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.241.251.217:
> ISSUE: authtime 1452890384, etypes {rep=18 tkt=18 ses=18}, kafka/
> 10.241.251.217@EXAMPLE.COM for zookeeper/localhost@EXAMPLE.COM


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message