I have implemented authentication using SASL (with TLS encryption) between ZooKeeper and the Kafka broker. However, when I try to connect to the Kafka server, I get an error.
The error is:
```
ERROR Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
java.lang.SecurityException: zookeeper.set.acl is true, but ZooKeeper client TLS configuration identifying at least kafka.server.KafkaConfig$@536dbea0.ZkSslClientEnableProp, kafka.server.KafkaConfig$@536dbea0.ZkClientCnxnSocketProp, and kafka.server.KafkaConfig$@536dbea0.ZkSslKeyStoreLocationProp was not present and the verification of the JAAS login file failed [java.security.auth.login.config=null, zookeeper.sasl.client=default:true, zookeeper.sasl.clientconfig=default:Client]
    at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:499)
    at kafka.server.KafkaServer.startup(KafkaServer.scala:203)
    at kafka.Kafka$.main(Kafka.scala:109)
    at kafka.Kafka.main(Kafka.scala)
[2023-07-03 09:37:15,112] INFO shutting down (kafka.server.KafkaServer)
[2023-07-03 09:37:15,121] INFO App info kafka.server for 0 unregistered (org.apache.kafka.common.utils.AppInfoParser)
[2023-07-03 09:37:15,122] INFO shut down completed (kafka.server.KafkaServer)
[2023-07-03 09:37:15,122] ERROR Exiting Kafka due to fatal exception during startup. (kafka.Kafka$)
java.lang.SecurityException: zookeeper.set.acl is true, but ZooKeeper client TLS configuration identifying at least kafka.server.KafkaConfig$@536dbea0.ZkSslClientEnableProp, kafka.server.KafkaConfig$@536dbea0.ZkClientCnxnSocketProp, and kafka.server.KafkaConfig$@536dbea0.ZkSslKeyStoreLocationProp was not present and the verification of the JAAS login file failed [java.security.auth.login.config=null, zookeeper.sasl.client=default:true, zookeeper.sasl.clientconfig=default:Client]
    at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:499)
    at kafka.server.KafkaServer.startup(KafkaServer.scala:203)
    at kafka.Kafka$.main(Kafka.scala:109)
    at kafka.Kafka.main(Kafka.scala)
[2023-07-03 09:37:15,125] INFO shutting down (kafka.server.KafkaServer)
```
Below are my ZooKeeper and server properties files:
**zookeeper.properties:**
```properties
dataDir=/tmp/zookeeper
authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
sasl.jaas.config=org.apache.zookeeper.server.auth.DigestLoginModule required user_super="adminsecret" user_admin="12345";
requireClientAuthScheme=sasl
clientPort=2182
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.trustStore.location=E:/confluent-7.3.3/etc/kafka/SSL/kafka.zookeeper.truststore.jks
ssl.trustStore.password=12345
ssl.keyStore.location=E:/confluent-7.3.3/etc/kafka/SSL/kafka.zookeeper.keystore.jks
ssl.keyStore.password=12345
ssl.clientAuth=none
maxClientCnxns=0
admin.enableServer=false
```
**server.properties:**
```properties
broker.id=0
listeners=PLAINTEXT://localhost:9092
advertised.listeners=PLAINTEXT:/localhost:9092
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/tmp/kafka-logs
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.retention.hours=168
log.retention.check.interval.ms=300000
zookeeper.connect=localhost:2182
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0
#SASL changes:
sasl.jaas.config=org.apache.zookeeper.server.auth.DigestLoginModule required username="admin" password="12345";
#SSL changes
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.client.enable=true
zookeeper.ssl.truststore.location=E:/confluent-7.3.3/etc/kafka/SanketSSL/kafka.truststore.jks
zookeeper.ssl.truststore.password=123456789
zookeeper.set.acl=true
```
Can anyone help me with this issue? Apart from this:

1) While implementing SASL between ZooKeeper and Kafka, should ZooKeeper run on the secure client port?
2) As I have set `ssl.clientAuth` to none, do I have to mention keystore details in server.properties?
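
The condition stated in the `SecurityException` above, written out as a pre-flight check over `server.properties` (an added example, not part of the original post and not Kafka's own code). It assumes `zookeeper.ssl.keystore.location` is the properties-file name behind `ZkSslKeyStoreLocationProp`, and that the JAAS check looks for the section named by `zookeeper.sasl.clientconfig` (default `Client`); the function names and sample values are constructed.

```python
import re

# TLS client keys named in the exception; the keystore key is assumed to be
# the server.properties name for ZkSslKeyStoreLocationProp.
TLS_KEYS = ("zookeeper.ssl.client.enable", "zookeeper.clientCnxnSocket",
            "zookeeper.ssl.keystore.location")

def parse_properties(text):
    """Parse simple key=value .properties text, skipping comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_zk_acl_prereqs(props, jaas_text=None, section="Client"):
    """Return findings; an empty list means the set.acl precondition is met."""
    if props.get("zookeeper.set.acl", "false").lower() != "true":
        return []
    # Either the complete TLS client triple or a usable JAAS login file suffices.
    missing = [k for k in TLS_KEYS if not props.get(k)]
    if props.get(TLS_KEYS[0], "").lower() not in ("", "true"):
        missing.insert(0, TLS_KEYS[0])
    # jaas_text: contents of the file given via -Djava.security.auth.login.config
    jaas_ok = bool(jaas_text) and re.search(
        r"^\s*%s\s*\{" % re.escape(section), jaas_text, re.M) is not None
    if not missing or jaas_ok:
        return []
    findings = ["TLS client config incomplete: " + k for k in missing]
    findings.append("JAAS login file unset" if jaas_text is None
                    else "JAAS login file has no '%s' section" % section)
    return findings

# Constructed sample: the ZooKeeper-related lines of the server.properties above.
SAMPLE = """\
zookeeper.connect=localhost:2182
#SSL changes
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.client.enable=true
zookeeper.ssl.truststore.location=E:/confluent-7.3.3/etc/kafka/SanketSSL/kafka.truststore.jks
zookeeper.set.acl=true
"""

if __name__ == "__main__":
    for finding in check_zk_acl_prereqs(parse_properties(SAMPLE)):
        print(finding)
```
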