Inter-Broker Communication with SASL_PLAINTEXT fails

[Simon Frey]

Hi

I tried to setup plain user password authentication for my interbroker communication.

But I keep getting connection exceptions in controller.log

[2017-01-05 13:29:51,382] WARN [Controller-0-to-broker-0-send-thread], Controller 0's connection to broker [myhost]:9093 (id: 0 rack: null) was unsuccessful (kafka.controll

er.RequestSendThread)

java.io.IOException: Connection to [myhost]:9093 (id: 0 rack: null) failed

        at kafka.utils.NetworkClientBlockingOps$.awaitReady$1(NetworkClientBlockingOps.scala:83)

        at kafka.utils.NetworkClientBlockingOps$.blockingReady$extension(NetworkClientBlockingOps.scala:93)

        at kafka.controller.RequestSendThread.brokerReady(ControllerChannelManager.scala:230)

        at kafka.controller.RequestSendThread.liftedTree1$1(ControllerChannelManager.scala:182)

        at kafka.controller.RequestSendThread.doWork(ControllerChannelManager.scala:181)

        at kafka.utils.ShutdownableThread.run(ShutdownableThread.scala:63)

Where [myhost] is any of my brokers hostname.

My config looks like this:

server.properties

listeners = SASL_PLAINTEXT://:9093

security.inter.broker.protocol=SASL_PLAINTEXT

sasl.mechanism.inter.broker.protocol=PLAIN

sasl.enabled.mechanisms=PLAIN

jaas.conf

KafkaServer {

   org.apache.kafka.common.security.plain.PlainLoginModule required

   username="kafka"

   password="kafka";

};

I tried with confluent plattform 3.1.1 as well as plain apache kafka 0.10.1.1.

Using PLAINTEXT instead of SASL_PLAINTEXT works fine.

Any Ideas what I'm doing wrong? Or where to look at?

[Simon Frey]

I think I got it. My jaas.conf should also contain a section where the user is defined.

KafkaServer {

   org.apache.kafka.common.security.plain.PlainLoginModule required

   username="kafka"

   password="kafka"

   user_kafka="kafka"

;

};