Logstash error - bootstrap broker disconnected

We are sending logs from file.txt to Kafka (SASL_SSL with Kerberos). Below are the parameters being set in the conf file:

bootstrap_servers => "broker:9093"
codec => json
topic_id => "topic" 
jaas_path => "jaas.conf"
kerberos_config => "krb5.conf"
sasl_kerberos_service_name => "kafka"
sasl_mechanism => "GSSAPI"
security_protocol => "SASL_SSL"
ssl_endpoint_identification_algorithm => "https"
ssl_key_password => ""
ssl_keystore_location => "jks"
ssl_keystore_password => ""
ssl_keystore_type => "JKS"
ssl_truststore_location => "jks"
ssl_truststore_password => ""
ssl_truststore_type => "JKS"

Let me know if I missed any parameter.
When I run Logstash, I get a "bootstrap broker disconnected" error from Logstash. From Kafka I see the error below:

[2020-08-21 23:04:46,160] INFO Successfully authenticated client: authenticationID=abc@REALM.COM;

org.apache.kafka.common.KafkaException: Failed to set name for 'domain@REALM' based on Kerberos authentication rules.
at org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder.applyKerberosShortNamer(DefaultKafkaPrincipalBuilder.java:142)
at org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder.build(DefaultKafkaPrincipalBuilder.java:128)
at org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.principal(SaslServerAuthenticator.java:292)
at org.apache.kafka.common.network.KafkaChannel.principal(KafkaChannel.java:162)
at kafka.network.Processor.$anonfun$processCompletedReceives$1(SocketServer.scala:888)
at kafka.network.Processor.$anonfun$processCompletedReceives$1$adapted(SocketServer.scala:871)
at scala.collection.Iterator.foreach(Iterator.scala:941)
at scala.collection.Iterator.foreach$(Iterator.scala:941)

.......
Caused by: org.apache.kafka.common.security.kerberos.NoMatchingRule: No rules apply to domain@REALM, rules
at org.apache.kafka.common.security.kerberos.KerberosShortNamer.shortName(KerberosShortNamer.java:98)

Any leads appreciated. Thanks.

The code is trying to map a Kerberos principal name into an operating system user name.

I would guess that you need to set sasl.kerberos.service.name somewhere, but what you have here is really a Kafka question, not a Logstash question.
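
The mapping step mentioned in the reply, as an added example that is not part of the original thread and not Kafka's own code: a simplified Python model of how a broker turns a principal into a short name with the broker setting `sasl.kerberos.principal.to.local.rules`, showing one condition that yields "No rules apply" (only `DEFAULT` is configured and the principal's realm differs from the broker's default realm). The function name `short_name`, the realm `OTHER.EXAMPLE` and the sample rule are constructed for illustration.

```python
import re

# Simplified model of the broker's principal-to-short-name mapping
# (sasl.kerberos.principal.to.local.rules). Not Kafka's code: the /g, /L, /U
# suffixes and $N back-references in the replacement are not modelled.
RULE_RE = re.compile(r"RULE:\[(\d):([^\]]*)\](?:\((.*?)\))?(?:s/(.*?)/(.*?)/)?$")

def short_name(principal, rules, default_realm):
    """Map a Kerberos principal to a short name; LookupError if no rule applies."""
    name, _, realm = principal.partition("@")
    if not realm:
        return name  # no realm: the name is used as-is
    primary, _, host = name.partition("/")
    params = [realm, primary] + ([host] if host else [])
    for rule in rules:
        if rule == "DEFAULT":
            # DEFAULT strips the realm only when it equals the default realm.
            if realm == default_realm:
                return primary
            continue
        m = RULE_RE.match(rule)
        if not m:
            raise ValueError(f"rule not supported by this model: {rule}")
        ncomp, fmt, match, frm, to = m.groups()
        if int(ncomp) != len(params) - 1:
            continue  # rule targets a different number of name components
        # $0 is the realm, $1 the primary, $2 the instance (host) component.
        base = re.sub(r"\$(\d)", lambda g: params[int(g.group(1))], fmt)
        if match is not None and not re.fullmatch(match, base):
            continue
        result = base if frm is None else re.sub(frm, to, base, count=1)
        if re.search(r"[/@]", result):
            raise LookupError(f"Non-simple name {result} after rule {rule}")
        return result
    raise LookupError(f"No rules apply to {principal}, rules {rules}")

if __name__ == "__main__":
    # Constructed inputs: principal from the broker log above, made-up default realm.
    realm_rule = r"RULE:[1:$1@$0](.*@REALM\.COM)s/@.*//"
    for rules in (["DEFAULT"], [realm_rule, "DEFAULT"]):
        try:
            print(rules, "->", short_name("abc@REALM.COM", rules, "OTHER.EXAMPLE"))
        except LookupError as exc:
            print(rules, "->", exc)
```

Keeping any added rule scoped to a single realm, as the constructed one is, avoids collapsing principals from different realms onto the same short name, which matters when ACLs are keyed on that name.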
