Quick Fix: Kafka client code does not currently support obtaining a password from the user

In a kerberos environment when we are trying to produce or consume data from Kafka topic we generally use below console producer command

./kafka-console-producer.sh --broker-list broker-hostname:6667 --topic benchmark --producer.config /tmp/producer.config --security-protocol SASL_PLAINTEXT

But when we are running this command even though we have a kerberos ticket with us but we still get error

Caused by: javax.security.auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner  authentication information from the user

This happens because kafka client tool does not know from where it can pick up the kerberos ticket for kafka service So we need to set a variable which tells kafka toolkit from where it can access the kerberos ticket

export KAFKA_CLIENT_KERBEROS_PARAMS="-Djava.security.auth.login.config=/Path/to/Jaas/File" 

In my HDP cluster I was using jass file from below location

/usr/hdp/current/kafka-broker/conf/kafka_client_jaas.conf

Content of my jass file was

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
renewTicket=true
serviceName="kafka";
};

This tells kafka toolkit to pick up the ticket from ticket cache after this I ran my producer command and it was working perfectly fine

Leave a Reply