
Unable to configure KafkaChannel or KafkaSource in Flume for Kerberos-enabled cluster: LoginException


I am trying to set up KafkaChannel (or KafkaSource) in Flume, and I constantly receive the following exception:

Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. Make sure -Djava.security.auth.login.config property passed to JVM and the client is configured to use a ticket cache (using the JAAS configuration setting 'useTicketCache=true)'. Make sure you are using FQDN of the Kafka broker you are trying to connect to. not available to garner authentication information from the user

My jaas.conf is as follows:

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
serviceName="kafka"
keyTab="flume-kafka.keytab"
principal="flume/kafka@MYDOMAIN.COM";
};

I have provided this configuration to Flume via

JAVA_OPTS="$JAVA_OPTS -Djava.security.auth.login.config=/path/to/jaas.conf "

And finally I have specified

agent.channels.myChannel.kafka.consumer.security.protocol = SASL_PLAINTEXT

Does anyone have any ideas why Flume does not use keyTab? Let me know if more details are needed.


Solution

  • Thanks to this post (original) I noticed that the KafkaClient config specified in the Flume 1.6 documentation provided by Cloudera was missing some options. Then I took a look at the official Apache Flume 1.7 documentation and noticed that I was missing the following properties:

    a1.channels.channel1.kafka.consumer.sasl.mechanism = GSSAPI
    a1.channels.channel1.kafka.consumer.sasl.kerberos.service.name = kafka
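
A small lint for this misconfiguration, as an added example that is not part of the original answer or of Flume: it scans an agent properties file for any `security.protocol` set to a SASL value and reports the two sibling properties from the answer when they are absent. The function names and sample inputs are constructed for illustration, and treating both properties as required follows the answer above.

```python
# Added example: flag Flume Kafka client prefixes that enable SASL but lack
# the companion properties named in the answer.

# Properties the answer found missing next to security.protocol.
REQUIRED_SIBLINGS = ("sasl.mechanism", "sasl.kerberos.service.name")


def parse_properties(text):
    """Parse simple 'key = value' lines; skip blanks and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def missing_sasl_settings(props):
    """Return the sorted property keys that should be set but are absent or empty."""
    missing = []
    for key, value in props.items():
        if key.endswith(".security.protocol") and value.upper().startswith("SASL_"):
            # Same prefix as the protocol key, e.g. '<agent>.channels.<name>.kafka.consumer.'
            prefix = key[: -len("security.protocol")]
            for sibling in REQUIRED_SIBLINGS:
                if not props.get(prefix + sibling):
                    missing.append(prefix + sibling)
    return sorted(missing)


# Constructed sample inputs modelled on the question's channel name.
BEFORE = """
agent.channels.myChannel.kafka.consumer.security.protocol = SASL_PLAINTEXT
"""
AFTER = BEFORE + """
agent.channels.myChannel.kafka.consumer.sasl.mechanism = GSSAPI
agent.channels.myChannel.kafka.consumer.sasl.kerberos.service.name = kafka
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, missing_sasl_settings(parse_properties(text)))
```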