zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mohit Anchlia <mohitanch...@gmail.com>
Subject Re: Sasl error
Date Mon, 18 Jan 2016 06:27:11 GMT
This is the default principal in kds that I have my jaas file configured to
use. The interesting point is that I see ticket exchange taking place
successfully and yet I get a cnxn error.

On Sat, Jan 16, 2016 at 5:51 AM, Flavio Junqueira <fpj@apache.org> wrote:

> Hi Mohit,
>
> I think I've seen your messages on the Kafka list. Have you had a look at
> the Kafka tests? Perhaps you want to have a look there for an example of
> how to generate a correct config file. The logs indicate that you indeed
> have a Client section, but the credentials there don't seem to match what
> the server expects.
>
> Also, this principal called my attention: krbtgt/EXAMPLE.COM@EXAMPLE.COM
> <mailto:krbtgt/EXAMPLE.COM@EXAMPLE.COM>. Are you trying to do cross-realm
> authentication? Shouldn't they be different in this case?
>
> -Flavio
>
> > On 15 Jan 2016, at 21:10, Mohit Anchlia <mohitanchlia@gmail.com> wrote:
> >
> > I need help with the following error. I see this error when ZkClient
> tries
> > to authenticate with the zookeeper server. In the Kerberos logs I see
> > tickets being exchanged. I looked at the zookeeper code but couldn't
> point
> > to a specific issue.
> >
> > [2016-01-15 16:03:55,771] DEBUG Leaving process event
> > (org.I0Itec.zkclient.ZkClient)
> > [2016-01-15 16:03:55,772] DEBUG saslClient.evaluateChallenge(len=0)
> > (org.apache.zookeeper.client.ZooKeeperSaslClient)
> > [2016-01-15 16:03:55,792] DEBUG Responding to client SASL token.
> > (org.apache.zookeeper.server.ZooKeeperServer)
> > [2016-01-15 16:03:55,792] DEBUG Size of client SASL token: 611
> > (org.apache.zookeeper.server.ZooKeeperServer)
> > [2016-01-15 16:03:55,792] ERROR cnxn.saslServer is null: cnxn object did
> > not initialize its saslServer properly.
> > (org.apache.zookeeper.server.ZooKeeperServer)
> > [2016-01-15 16:03:55,793] ERROR SASL authentication failed using login
> > context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient)
> > [2016-01-15 16:03:55,793] DEBUG Received event: WatchedEvent
> > state:AuthFailed type:None path:null (org.I0Itec.zkclient.ZkClient)
> > --
> >
> > Kerberos logs
> >
> > Jan 15 15:39:44 ip-10-241-251-175.us-west-2.compute.internal
> > krb5kdc[9767](info): AS_REQ (6 etypes {18 17 16 23 1 3}) 10.241.251.217:
> > ISSUE: authtime 1452890384, etypes {rep=18 tkt=18 ses=18}, kafka/
> > 10.241.251.217@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
> > Jan 15 15:39:44 ip-10-241-251-175.us-west-2.compute.internal
> > krb5kdc[9767](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.241.251.217
> :
> > ISSUE: authtime 1452890384, etypes {rep=18 tkt=18 ses=18}, kafka/
> > 10.241.251.217@EXAMPLE.COM for zookeeper/localhost@EXAMPLE.COM
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message