lizhey314 2019-02-02 17:20 Acceptance rate: 100%

Kafka integrated with Kerberos: error when starting Kafka

When Kafka uses the Kerberos protocol, starting Kafka reports that the ZooKeeper authentication check fails.
The error message is as follows: [image]

The Kerberos user keys: [image]

The Kerberos etc/krb5.conf configuration:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = EXAMPLE.COM
default_tkt_enctypes = arcfour-hmac-md5
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
EXAMPLE.COM = {
kdc = 192.168.1.41
admin_server = 192.168.1.41
}

[domain_realm]
kafka = EXAMPLE.COM
zookeeper = EXAMPLE.COM
weiwei = EXAMPLE.COM
192.168.1.41 = EXAMPLE.COM
127.0.0.1 = EXAMPLE.COM

The Kerberos var/kerberos/krb5kdc/kdc.conf configuration:
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88

[realms]
EXAMPLE.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
max_renewable_life = 7d
supported_enctypes = aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}

The Kafka kafka_server_jaas.conf configuration:
KafkaServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/var/kerberos/krb5kdc/kafka.keytab"
principal="kafka/weiwei@EXAMPLE.COM";
};

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/var/kerberos/krb5kdc/kafka.keytab"
principal="zookeeper/192.168.1.41@EXAMPLE.COM";
};

The zookeeper_jaas.conf configuration:
Server{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/var/kerberos/krb5kdc/kafka.keytab"
principal="zookeeper/192.168.1.41@EXAMPLE.COM";
};

Configuration added to zookeeper.properties:

authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000

Configuration added to server.properties:
advertised.host.name=192.168.1.41
advertised.listeners=SASL_PLAINTEXT://192.168.1.41:9092
listeners=SASL_PLAINTEXT://192.168.1.41:9092
#listeners=PLAINTEXT://127.0.0.1:9093
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=GSSAPI
sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=kafka

Configuration added to zookeeper-server-start.sh:
export KAFKA_OPTS='-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/home/shubei/Downloads/kafka_2.12-1.0.0/config/zookeeper_jaas.conf'

Configuration added to kafka-server-start.sh:
export KAFKA_OPTS='-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/home/shubei/Downloads/kafka_2.12-1.0.0/config/kafka_server_jaas.conf'

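That is basically the configuration. The New Year is almost here, so I am asking for help online, and I wish you all a happy New Year in advance.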
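
The following is an added example, not part of the original post: a Python check over the enctype settings in the krb5.conf and kdc.conf shown above, reporting which listed encryption types are deprecated for Kerberos (single DES per RFC 6649, 3DES and RC4 per RFC 8429) and which ones the client setting and the KDC have in common. The function names and the embedded sample text are assumptions made for the example; it audits the configuration and does not diagnose the startup error.

```python
import re

# Deprecated for Kerberos: single DES (RFC 6649), 3DES and RC4 (RFC 8429).
WEAK = re.compile(r"^(des-|des3-|arcfour-|rc4-)")
# MIT krb5 accepts several spellings for RC4-HMAC; map them to one name.
ALIASES = {"arcfour-hmac-md5": "arcfour-hmac", "rc4-hmac": "arcfour-hmac"}

# Constructed sample input: the enctype-related lines of the two files in the post.
KRB5_CONF = """\
[libdefaults]
default_realm = EXAMPLE.COM
default_tkt_enctypes = arcfour-hmac-md5
"""
KDC_CONF = """\
[realms]
EXAMPLE.COM = {
#master_key_type = aes256-cts
supported_enctypes = aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}
"""

def enctypes(conf_text, key):
    """Return canonical enctype names listed under `key`, with ':salt' stripped."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue  # skip comments, section headers and closing braces
        name, _, value = line.partition("=")
        if name.strip() == key:
            names = [v.split(":")[0].lower()
                     for v in re.split(r"[,\s]+", value.strip()) if v]
            return [ALIASES.get(n, n) for n in names]
    return []

def audit(krb5_conf, kdc_conf):
    """Compare the client's ticket enctypes with what the KDC supports."""
    client = enctypes(krb5_conf, "default_tkt_enctypes")
    kdc = enctypes(kdc_conf, "supported_enctypes")
    return {
        "client_weak": [e for e in client if WEAK.match(e)],
        "kdc_weak": [e for e in kdc if WEAK.match(e)],
        "common": [e for e in client if e in kdc],
        "common_strong": [e for e in client if e in kdc and not WEAK.match(e)],
    }

if __name__ == "__main__":
    for field, value in audit(KRB5_CONF, KDC_CONF).items():
        print(f"{field}: {value}")
```

An empty common_strong list means every encryption type the client and KDC can agree on is a deprecated one.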











