-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cyrus/libsasl2 is missing a GSSAPI module #4731
Comments
Hi @SolaTian have you installed |
I'm really sorry, I don't quite understand what you said about installing |
Side question. Seems that confluent shipped 2.4.0 deb's have been compiled without gssapi support. 2.3.0 still has it. Is that intended? |
Given there was a pipeline migration, 2.4.0 version of Debian packages was compiled without libsasl2 support, it's fixed now in deb version 2.4.0-3 |
Thanks for the clarification, and sorry for hijacking the thread. |
@SolaTian about 2.3.0: |
@emasab Thank you very much. I cross compiled the |
Exactly the .so is dynamically loaded by libsasl2 |
Read the FAQ first: https://github.com/confluentinc/librdkafka/wiki/FAQ
Do NOT create issues for questions, use the discussion forum: https://github.com/confluentinc/librdkafka/discussions
Description
%7|1716569607.172|APIVERSION|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Feature IdempotentProducer: InitProducerId (0..0) supported by broker
%7|1716569607.172|APIVERSION|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Enabling feature IdempotentProducer
%7|1716569607.172|APIVERSION|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Feature ZSTD: Produce (7..7) NOT supported by broker
%7|1716569607.172|APIVERSION|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Feature ZSTD: Fetch (10..10) NOT supported by broker
%7|1716569607.172|APIVERSION|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Disabling feature ZSTD
%7|1716569607.172|APIVERSION|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Feature SaslAuthReq: SaslHandshake (1..1) supported by broker
%7|1716569607.172|APIVERSION|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Feature SaslAuthReq: SaslAuthenticate (0..1) supported by broker
%7|1716569607.172|APIVERSION|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Enabling feature SaslAuthReq
%7|1716569607.172|FEATURE|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Updated enabled protocol features to MsgVer1,ApiVersion,BrokerBalancedConsumer,ThrottleTime,Sasl,SaslHandshake,BrokerGroupCoordinator,LZ4,OffsetTime,MsgVer2,IdempotentProducer,SaslAuthReq
%7|1716569607.172|AUTH|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Auth in state APIVERSION_QUERY (handshake supported)
%7|1716569607.172|STATE|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Broker changed state APIVERSION_QUERY -> AUTH_HANDSHAKE
%7|1716569607.172|BROADCAST|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: Broadcasting state change
%7|1716569607.172|SEND|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Sent SaslHandshakeRequest (v1, 29 bytes @ 0, CorrId 3)
%7|1716569607.177|RECV|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Received SaslHandshakeResponse (v1, 14 bytes, CorrId 3, rtt 5.23ms)
%7|1716569607.177|SASLMECHS|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Broker supported SASL mechanisms: GSSAPI
%7|1716569607.177|AUTH|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Auth in state AUTH_HANDSHAKE (handshake supported)
%7|1716569607.177|STATE|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Broker changed state AUTH_HANDSHAKE -> AUTH_REQ
%7|1716569607.177|BROADCAST|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: Broadcasting state change
%7|1716569607.177|SASL|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Initializing SASL client: service name kafka, hostname 11.82.37.28, mechanisms GSSAPI, provider Cyrus
%7|1716569607.178|SASL|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: My supported SASL mechanisms: EXTERNAL
%2|1716569607.178|LIBSASL|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Cyrus/libsasl2 is missing a GSSAPI module: make sure the libsasl2-modules-gssapi-mit or cyrus-sasl-gssapi packages are installed
%7|1716569607.178|FAIL|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Failed to initialize SASL authentication: SASL handshake failed (start (-4)): SASL(-4): no mechanism available: No worthy mechs found (after 0ms in state AUTH_REQ) (_AUTHENTICATION)
%3|1716569607.178|FAIL|rdkafka#producer-1| [thrd:sasl_plaintext://11.82.37.28:21007/bootstrap]: sasl_plaintext://11.82.37.28:21007/bootstrap: Failed to initialize SASL authentication: SASL handshake failed (start (-4)): SASL(-4): no mechanism available: No worthy mechs found (after 0ms in state AUTH_REQ)
How to reproduce
I configured the Kerberos with the option
--with-gss_impl=mit --enable-plain --enable-gssapi --with-dblib=no --without-des --without-saslauthd
(cyrus-sasl-2.1.27
),but when I try to get Authentication, it indicate thatMy supported SASL mechanisms: EXTERNAL
,Cyrus/libsasl2 is missing a GSSAPI module
.why's that?Checklist
IMPORTANT: We will close issues where the checklist has not been completed.
Please provide the following information:
<librdkafka-2.3.0>
<2.3.0>
<message.max.bytes = 8388608; debug = generic,broker,topic,metadata,feature,queue,msg,protocol,cgrp,security,fetch,interceptor,plugin,consumer,admin,eos,mock,assignor,conf,all; socket.timeout.ms = 5000; api.version.request = true; security.protocol = sasl_plaintext; sasl.mechanisms = GSSAPI; sasl.kerberos.service.name = Kerberos_Service_Name; sasl.kerberos.principal = Kerberos_Principal; sasl.kerberos.kinit.cmd = kinit -k -t "%{sasl.kerberos.keytab}" %{sasl.kerberos.principal}; sasl.kerberos.keytab = /etc/user.keytab; queue.buffering.max.messages = 3; queue.buffering.max.ms = 10;>
<Ubuntu>
debug = generic,broker,topic,metadata,feature,queue,msg,protocol,cgrp,security,fetch,interceptor,plugin,consumer,admin,eos,mock,assignor,conf,all
) from librdkafkaThe text was updated successfully, but these errors were encountered: