Login/Register
No serviceName defined in either JAAS or Kafka config (not Kerberos)
Asked Answered
Solved apache-kafkakafka-producer-apiapache-kafka-security
W

2

13

I'm trying to configure a kafka client to authenticate against a secure kafkaserver. I've set up the jaas and ssl configs, but it's complaining about serviceNames.

I am not using Kerberos.

command

KAFKA_OPTS="-Djava.security.auth.login.config=./jaas.conf" \ 
kafka-console-producer --broker-list k0:9092,k1:9092,k2:9092 \
   --topic test-topic 
   --producer.config ./ssl.properties

error

org.apache.kafka.common.KafkaException: Failed to construct kafka producer
    at org.apache.kafka.clients.producer.KafkaProducer.<init>
    [ ... ] 
Caused by: java.lang.IllegalArgumentException: No serviceName defined in either JAAS or Kafka config

jaas.conf

KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    serviceName="kafka"
    password="broker-secret"
    user_broker="broker-secret"
    sasl.enabled.mechanisms=PLAIN
    sasl.mechanism.inter.broker.protocol=PLAIN
    confluent.metrics.reporter.sasl.mechanism=PLAIN
    user_username1="password1";
};

ssl.properties

bootstrap.servers=k0:9092,k1:9092,k2:9092
security.protocol=SASL_PLAINTEXT
ssl.truststore.location=/var/ssl/private/client.truststore.jks
ssl.truststore.password=confluent
ssl.keystore.location=/var/ssl/private/client.keystore.jks
ssl.keystore.password=confluent
ssl.key.password=confluent


producer.bootstrap.servers=k0:9092,1:9092,k2:9092
producer.security.protocol=SASL_PLAINTEXT
producer.ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks
producer.ssl.truststore.location=/var/ssl/private/client.truststore.jks
producer.ssl.truststore.password=confluent
producer.ssl.keystore.location=/var/ssl/private/client.keystore.jks
producer.ssl.keystore.password=confluent
producer.ssl.key.password=confluent

org.apache.kafka.common.security.plain.PlainLoginModule required
password="broker-secret"
user_broker="broker-secret"
sasl.enabled.mechanisms=PLAIN
sasl.mechanism.inter.broker.protocol=PLAIN
confluent.metrics.reporter.sasl.mechanism=PLAIN
user_username1="password";
serviceName="Kafka"
Wombat answered 4/3, 2019 at 18:49 Comment(2)
What is the content of ssl.properties?Libration
ssl.properties -> ssl.conf (i had accidentally mis-named while sanitising it to copy it to this site)Wombat
L
8

This error indicates that jaas configuration is not visible to your kafka producer. To solve this issue, you either need to include 

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="(username)" password="(password)";

in your ssl.properties file, or export it in your path

export KAFKA_OPTS="-Djava.security.auth.login.config=path/to/jaas.conf"
Libration answered 4/3, 2019 at 21:39 Comment(2)
still issue exist , any ideaTem
I already have this config but the error No serviceName defined in either JAAS or Kafka config still happens.Axial
H
0

I was getting this error and tried both options but did not worked. After searching all documents finally found that we have to give credentials like this

If you are directly adding this into properties file then use this

sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
  username="username" \
  password="password";

If you are running kafka-connect, modify property file using echo command

echo "sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \\
  username=\"${confluent_jass_config_username}\" \\
  password=\"${confluent_jass_config_password}\";" >> /opt/connector/config/connect-distributed.properties
  • This approach is also useful when you have password with special character like + or forward slash, as in this cases jaas.conf file approach was not working for me but this worked and solved all errors
  • Add same config property using producer or consumer prefix if its source or sink connectors
Hypotaxis answered 6/3 at 16:19 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.