
I'm trying to set up Kafka and Zookeeper with SASL authentication. My goal is to be able to enable authentication for Kafka so I can manage it with Kafka UI. However, I have been struggling and cannot deploy them. These are the zookeeper and kafka services in docker-composer.yaml:

  zookeeper:
    image: confluentinc/cp-zookeeper:7.4.4
    environment:
      ZOOKEEPER_CLIENT_PORT: 2181
      ZOOKEEPER_TICK_TIME: 2000
      KAFKA_OPTS:
        -Djava.security.auth.login.config=/tmp/zookeeper_server_jaas.conf
        -Dquorum.auth.enableSasl=true
        -Dquorum.cnxn.threads.size=20
        -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
        -DjaasLoginRenew=3600000
        -DrequireClientAuthScheme=sasl

    volumes:
      - ./zookeeper_server_jaas.conf:/tmp/zookeeper_server_jaas.conf
    ports:
      - 22181:2181

  kafka:
    image: confluentinc/cp-kafka:7.4.4
    depends_on:
      - zookeeper
    ports:
      - 29092:29092
    environment:
      KAFKA_BROKER_ID: 1
      KAFKA_LISTENERS: SASL_PLAINTEXT://:9092
      KAFKA_ADVERTISED_LISTENERS: SASL_PLAINTEXT://localhost:9092
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_OPTS:
        -Djava.security.auth.login.config=/tmp/kafka_server_jaas.conf
        -Dquorum.auth.enableSasl=true
      KAFKA_INTER_BROKER_LISTENER_NAME: SASL_PLAINTEXT
      KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
      KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
    volumes:
      - ./kafka_server_jaas.conf:/tmp/kafka_server_jaas.conf

These are my configuration files:

zookeeper_server_jaas.conf

Server {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    user_admin="admin-secret";
};

kafka_server_jaas.conf

KafkaServer {
   org.apache.kafka.common.security.scram.ScramLoginModule required
   username="client"
   password="clientpwd"
   user_client="clientpwd";
};

Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="admin-secret";
};

The Kafka container will stop immediately with the error:

ERROR SASL authentication failed using login context 'Client'. (org.apache.zookeeper.client.ZooKeeperSaslClient)
javax.security.sasl.SaslException: Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.

And the Zookeeper container keeps running, but it logs:

ERROR cnxn.saslServer is null: cnxn object did not initialize its saslServer properly. (org.apache.zookeeper.server.ZooKeeperServer)

I tried adding the command: ["tail", "-f", "/dev/null"] to check whether the conf files are properly mounted, and they appeared to be in the container directory /tmp/. I did a lot of online research related to this problem, but nothing worked for me.

  • The broker JAAS file needs a ZooKeeper client SASL config. However, Kafka no longer requires ZooKeeper, so maybe you can try configuring KRaft mode instead. Commented Jun 22 at 12:45
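
An added example, not part of the question or the comment: a small Python check that parses a broker JAAS file and reports missing sections and a `KafkaServer` login module that does not match the enabled SASL mechanism, following the pairing in the Kafka documentation. The function names and the `EXPECTED_MODULE` table are this example's own; it assumes ZooKeeper SASL is in use, so a `Client` section is expected, and it does not handle comments inside the JAAS file.

```python
import re

# Login module the Kafka docs pair with each broker SASL mechanism.
PLAIN = "org.apache.kafka.common.security.plain.PlainLoginModule"
SCRAM = "org.apache.kafka.common.security.scram.ScramLoginModule"
EXPECTED_MODULE = {"PLAIN": PLAIN, "SCRAM-SHA-256": SCRAM, "SCRAM-SHA-512": SCRAM}
# Quoted strings match first, so ';' or '}' inside a password is not syntax.
TOKEN_RE = re.compile(r'"(?:[^"\\]|\\.)*"|[{};=]|[^\s{};="]+')
QUESTION_JAAS = '''
KafkaServer { org.apache.kafka.common.security.scram.ScramLoginModule required
  username="client" password="clientpwd" user_client="clientpwd"; };
Client { org.apache.kafka.common.security.plain.PlainLoginModule required
  username="admin" password="admin-secret"; };
'''  # the broker JAAS file from the question, whitespace condensed

def parse_jaas(text):
    """Parse JAAS text into {section: [(module, flag, options), ...]}."""
    tok, sections, i = TOKEN_RE.findall(text), {}, 0
    try:
        while i < len(tok):
            name, entries = tok[i], []
            if tok[i + 1] != "{":
                raise ValueError(f"expected '{{' after {name!r}")
            i += 2
            while tok[i] != "}":  # one login module entry per ';'
                module, flag, options = tok[i], tok[i + 1], {}
                i += 2
                while tok[i] != ";":  # key="value" options
                    value = tok[i + 2]
                    options[tok[i]] = value[1:-1] if value[:1] == '"' else value
                    i += 3
                entries.append((module, flag, options))
                i += 1
            sections[name] = entries
            i += 2  # skip the closing '}' and ';'
    except IndexError:
        raise ValueError("truncated JAAS text") from None
    return sections

def check_broker_jaas(text, mechanisms):
    """Return findings ([] if none); assumes ZooKeeper SASL, so Client is expected."""
    secs = parse_jaas(text)
    found = [f"missing section {s}" for s in ("KafkaServer", "Client") if s not in secs]
    modules = {module for module, _, _ in secs.get("KafkaServer", [])}
    for mech in mechanisms:
        want = EXPECTED_MODULE.get(mech)
        if want and want not in modules:
            found.append(f"{mech} enabled, KafkaServer lacks {want.rsplit('.', 1)[-1]}")
    return found
```

For the question's file, `check_broker_jaas(QUESTION_JAAS, ["PLAIN"])` returns the single finding `PLAIN enabled, KafkaServer lacks PlainLoginModule`.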
