[
https://issues.apache.org/jira/browse/KAFKA-13055?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kashavkin updated KAFKA-13055:
-------------------------------------
Description:
I'm setting up kafka security with multiple listeners. Listener for broker
works as plaintext and I don't want to use authentication for them. My cluster
has configuration:
{code:bash}
listeners=BROKERS://:9091,CLIENTS://:9092,CLIENTS-NOSSL://:9093inter.broker.listener.name=BROKERS
sasl.enabled.mechanisms=SCRAM-SHA-256listener.security.protocol.map=BROKERS:PLAINTEXT,CLIENTS:SASL_SSL,CLIENTS-NOSSL:SASL_PLAINTEXT
{code}
For clients, I want use SCRAM and only for them (not for brokers). But when I
start broker, I see following message in log:
{code:bash}
ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to
shutdown (kafka.server.KafkaServer)
java.lang.IllegalArgumentException: Could not find a 'KafkaServer' or
'clients.KafkaServer' entry in the JAAS configuration. System property
'java.security.auth.login.config' is not set
{code}
Why is this file so need, if I don't use authentication for brokers and SCRAM
mechanism stores credentials in zookeeper? I didn't find any information in
[docs|http://kafka.apache.org/documentation/#security] about why this is so
necessary.
was:
I'm setting up kafka security with multiple listeners. Listener for broker
works as plaintext and I don't want to use authentication for them. My cluster
has configuration:
{code:bash}
listeners=BROKERS://:9091,CLIENTS://:9092,CLIENTS-NOSSL://:9093inter.broker.listener.name=BROKERS
sasl.enabled.mechanisms=SCRAM-SHA-256listener.security.protocol.map=BROKERS:PLAINTEXT,CLIENTS:SASL_SSL,CLIENTS-NOSSL:SASL_PLAINTEXT
{code}
For clients, I want use SCRAM and only for them (not for brokers). But when I
start broker, I see following message in log:
{code:bash}
ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to
shutdown (kafka.server.KafkaServer)
java.lang.IllegalArgumentException: Could not find a 'KafkaServer' or
'clients.KafkaServer' entry in the JAAS configuration. System property
'java.security.auth.login.config' is not set
{code}
Why is this file so need, if I don't use authentication for brokers and SCRAM
mechanism stores credentials in zookeeper? I didn't find any information about
it in [docs|http://kafka.apache.org/documentation/#security].
> Security without JAAS file
> --------------------------
>
> Key: KAFKA-13055
> URL: https://issues.apache.org/jira/browse/KAFKA-13055
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 2.8.0
> Reporter: Alexey Kashavkin
> Priority: Major
>
> I'm setting up kafka security with multiple listeners. Listener for broker
> works as plaintext and I don't want to use authentication for them. My
> cluster has configuration:
> {code:bash}
> listeners=BROKERS://:9091,CLIENTS://:9092,CLIENTS-NOSSL://:9093inter.broker.listener.name=BROKERS
> sasl.enabled.mechanisms=SCRAM-SHA-256listener.security.protocol.map=BROKERS:PLAINTEXT,CLIENTS:SASL_SSL,CLIENTS-NOSSL:SASL_PLAINTEXT
> {code}
> For clients, I want use SCRAM and only for them (not for brokers). But when I
> start broker, I see following message in log:
> {code:bash}
> ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to
> shutdown (kafka.server.KafkaServer)
> java.lang.IllegalArgumentException: Could not find a 'KafkaServer' or
> 'clients.KafkaServer' entry in the JAAS configuration. System property
> 'java.security.auth.login.config' is not set
> {code}
> Why is this file so need, if I don't use authentication for brokers and SCRAM
> mechanism stores credentials in zookeeper? I didn't find any information in
> [docs|http://kafka.apache.org/documentation/#security] about why this is so
> necessary.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
