kafka安装sasl报 org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: Checksum failed

雪花 发表于: 2019-10-18   最后更新时间: 2019-10-18 20:31:53   4,401 游览 
[2019-10-17 18:25:55,574] INFO Starting log flusher with a default period of 9223372036854775807 ms. (kafka.log.LogManager)
[2019-10-17 18:25:56,134] INFO Awaiting socket connections on kube-node10:9092. (kafka.network.Acceptor)
[2019-10-17 18:25:56,175] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: Checksum failed
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:160)
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146)
        at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:85)
        at kafka.network.Processor.<init>(SocketServer.scala:726)
        at kafka.network.SocketServer.newProcessor(SocketServer.scala:367)
        at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:261)
        at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
        at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:260)
        at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:223)
        at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:220)
        at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
        at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
        at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
        at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:220)
        at kafka.network.SocketServer.startup(SocketServer.scala:120)
        at kafka.server.KafkaServer.startup(KafkaServer.scala:255)
        at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:38)
        at kafka.Kafka$.main(Kafka.scala:84)
        at kafka.Kafka.main(Kafka.scala)
Caused by: javax.security.auth.login.LoginException: Checksum failed
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
        at org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:60)
        at org.apache.kafka.common.security.kerberos.KerberosLogin.login(KerberosLogin.java:103)
        at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:61)
        at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:111)
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:149)
        ... 18 more
Caused by: KrbException: Checksum failed
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:102)
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:94)
        at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175)
        at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:149)
        at sun.security.krb5.KrbAsRep.decryptUsingKeyTab(KrbAsRep.java:121)
        at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:285)
        at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776)
        ... 35 more
Caused by: java.security.GeneralSecurityException: Checksum failed
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:451)
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:272)
        at sun.security.krb5.internal.crypto.Aes128.decrypt(Aes128.java:76)
        at sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType.decrypt(Aes128CtsHmacSha1EType.java:100)
        ... 42 more
[2019-10-17 18:25:56,182] INFO [KafkaServer id=0] shutting down (kafka.server.KafkaServer)
[2019-10-17 18:25:56,185] INFO [SocketServer brokerId=0] Stopping socket server request processors (kafka.network.SocketServer)
[2019-10-17 18:25:56,190] INFO [SocketServer brokerId=0] Stopped socket server request processors (kafka.network.SocketServer)
[2019-10-17 18:25:56,196] INFO Shutting down. (kafka.log.LogManager)
[2019-10-17 18:25:56,279] INFO Shutdown complete. (kafka.log.LogManager)
[2019-10-17 18:25:56,280] INFO [ZooKeeperClient Kafka server] Closing. (kafka.zookeeper.ZooKeeperClient)
[2019-10-17 18:25:56,289] INFO Session: 0x1007d9044ef0001 closed (org.apache.zookeeper.ZooKeeper)
[2019-10-17 18:25:56,291] INFO EventThread shut down for session: 0x1007d9044ef0001 (org.apache.zookeeper.ClientCnxn)
[2019-10-17 18:25:56,292] INFO [ZooKeeperClient Kafka server] Closed. (kafka.zookeeper.ZooKeeperClient)
[2019-10-17 18:25:56,293] INFO [ThrottledChannelReaper-Fetch]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:56,484] INFO [ThrottledChannelReaper-Fetch]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:56,484] INFO [ThrottledChannelReaper-Fetch]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:56,484] INFO [ThrottledChannelReaper-Produce]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:57,484] INFO [ThrottledChannelReaper-Produce]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:57,484] INFO [ThrottledChannelReaper-Produce]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:57,484] INFO [ThrottledChannelReaper-Request]: Shutting down (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:58,484] INFO [ThrottledChannelReaper-Request]: Stopped (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:58,484] INFO [ThrottledChannelReaper-Request]: Shutdown completed (kafka.server.ClientQuotaManager$ThrottledChannelReaper)
[2019-10-17 18:25:58,488] INFO [SocketServer brokerId=0] Shutting down socket server (kafka.network.SocketServer)
[2019-10-17 18:25:58,586] INFO [SocketServer brokerId=0] Shutdown completed (kafka.network.SocketServer)
[2019-10-17 18:25:58,596] INFO [KafkaServer id=0] shut down completed (kafka.server.KafkaServer)
[2019-10-17 18:25:58,597] ERROR Exiting Kafka. (kafka.server.KafkaServerStartable)
[2019-10-17 18:25:58,602] INFO [KafkaServer id=0] shutting down (kafka.server.KafkaServer)
kafka
发表于 2019-10-18
雪花

你可以通过日志来判断错误

tail -100f /var/log/krb5kdc.log
回复
回答于 5年前
半兽人
雪花 -> 半兽人 5年前

感谢大佬指点,是缺少了zk的jaas,我加上好了。

cat zookeeper_jaas.conf 
Server{
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    useTicketCache=false
    keyTab="/etc/security/keytabs/kafka_server.keytab"
    principal="zookeeper/kube-node10@EXAMPLE.COM";
};
0 0 回复
你的答案

查看kafka相关的其他问题或提一个您自己的问题
提问

找不到想要的答案?提一个您自己的问题。