lizhey314 2019-02-02 17:20 采纳率: 100%
浏览 1738

kafka 集成 kerberos ,启动kafka报错

kafka 使用kerberos协议的时候,启动kakfa的时候报zookeeper校验不通过。
错误信息如下:图片说明

kerberos的用户密钥:图片说明

kerberos的etc/krb5.conf配置信息:[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = EXAMPLE.COM
default_tkt_enctypes = arcfour-hmac-md5
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
EXAMPLE.COM = {
kdc = 192.168.1.41
admin_server = 192.168.1.41
}

[domain_realm]
kafka = EXAMPLE.COM
zookeeper = EXAMPLE.COM
weiwei = EXAMPLE.COM
192.168.1.41 = EXAMPLE.COM
127.0.0.1 = EXAMPLE.COM

kerberos 的var/kerberos/krb5kdc/kdc.conf的配置信息:
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88

[realms]
EXAMPLE.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
max_renewable_life = 7d
supported_enctypes = aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}

kafka的kafka_server_jaas.conf的配置信息:
KafkaServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/var/kerberos/krb5kdc/kafka.keytab"
principal="kafka/weiwei@EXAMPLE.COM";
};

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/var/kerberos/krb5kdc/kafka.keytab"
principal="zookeeper/192.168.1.41@EXAMPLE.COM";
};

zookeeper_jaas.conf的配置信息:
Server{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/var/kerberos/krb5kdc/kafka.keytab"
principal="zookeeper/192.168.1.41@EXAMPLE.COM";
};

zookeeper.properties的新增配置信息:

authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000

server.properties 新增的配置信息:
advertised.host.name=192.168.1.41
advertised.listeners=SASL_PLAINTEXT://192.168.1.41:9092
listeners=SASL_PLAINTEXT://192.168.1.41:9092
#listeners=PLAINTEXT://127.0.0.1:9093
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=GSSAPI
sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=kafka

zookeeper-server-start.sh 新增的配置信息
export KAFKA_OPTS='-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/home/shubei/Downloads/kafka_2.12-1.0.0/config/zookeeper_jaas.conf'

kafka-server-start.sh 新增的配置信息:
export KAFKA_OPTS='-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/home/shubei/Downloads/kafka_2.12-1.0.0/config/kafka_server_jaas.conf'

配置信息基本是这样,快过年了,小弟在线求救,再预祝大侠们新年快乐。












  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 chaquopy python 安卓
    • ¥50 Kubernetes&Fission&Eleasticsearch
    • ¥15 有没有帮写代码做实验仿真的
    • ¥15 報錯:Person is not mapped,如何解決?
    • ¥30 vmware exsi重置后登不上
    • ¥15 易盾点选的cb参数怎么解啊
    • ¥15 MATLAB运行显示错误,如何解决?
    • ¥15 c++头文件不能识别CDialog
    • ¥15 Excel发现不可读取的内容
    • ¥15 关于#stm32#的问题:CANOpen的PDO同步传输问题