No JAAS configuration section named 'Client' was found in specified JAAS configuration file

Can’t deploy Kafka with SASL authentication. Could you give me a hint please?

Here is my docker-compose.yml

    version: '3.1'

    services:

      zookeeper:
        image: confluentinc/cp-zookeeper
        environment:
          ZOOKEEPER_CLIENT_PORT: 2181
          ZOOKEEPER_TICK_TIME: 2000
          ZOOKEEPER_INIT_LIMIT: 5
          ZOOKEEPER_SYNC_LIMIT: 2
          KAFKA_OPTS:
            -Djava.security.auth.login.config=/home/etozhekim/IdeaProjects/veles-core/zookeeper_server_jaas.conf
            -Dquorum.auth.enableSasl=true
            -Dquorum.cnxn.threads.size=20
            -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
            -DjaasLoginRenew=3600000
            -DrequireClientAuthScheme=sasl
        volumes:
          - /home/etozhekim/IdeaProjects/veles-core/zookeeper_server_jaas.conf
        networks:
          - kafka-cluster-network

      kafka:
        image: confluentinc/cp-kafka
        ports:
          - "9092:9092"
        depends_on:
          - zookeeper
        environment:
          KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
          KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
          KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
          KAFKA_SECURITY_INTER_BROKER_PROTOCOL: SASL_PLAINTEXT
          KAFKA_LISTENERS: SASL_PLAINTEXT://kafka:9092,SASL_PLAINTEXT://kafka:9092
          KAFKA_ADVERTISED_LISTENERS: SASL_PLAINTEXT://localhost:9092,SASL_PLAINTEXT://localhost:9092
          KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
          KAFKA_OPTS:
            -Dzookeeper.sasl.client=true
            -Djava.security.auth.login.config=/home/etozhekim/IdeaProjects/veles-core/kafka_server_jaas.conf
        volumes:
          - /home/etozhekim/IdeaProjects/veles-core/kafka_server_jaas.conf

Zookeeper is deployed without problems. But Kafka logs:

    [2023-02-02 11:49:24,708] WARN SASL configuration failed. Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
    javax.security.auth.login.LoginException: No JAAS configuration section named 'Client' was found in specified JAAS configuration file: '/home/etozhekim/IdeaProjects/veles-core/kafka_server_jaas.conf'

kafka_server_jaas.conf

    KafkaServer {
        org.apache.kafka.common.security.scram.ScramLoginModule required
        username="kafkabroker"
        password="password";
    };
    Client {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="password";
    };

zookeeper_server_jaas.conf

    Server {
      org.apache.zookeeper.server.auth.DigestLoginModule required
      user_admin="password";
    };

I have no idea what your configuration does or even if it works. I have NEVER seen someone trying to use it like this before.

The format is /path/on/host:/path/in/container, which can optionally be followed by :ro to mount the file read-only into the container.

Also your KAFKA_OPTS: tries to use a multiline string value. What you try to do should not even be valid syntax. You either need to use the “literal style” expressed as | or the “folded style” expressed as >. Probably putting the whole content in single or double quotes might work as well.

A fix for both issues could look like this:

    ...
    environment:
    ...
      KAFKA_OPTS: >
        -Djava.security.auth.login.config=/kafka_server_jaas.conf
        -Dquorum.auth.enableSasl=true
        -Dquorum.cnxn.threads.size=20
        -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
        -DjaasLoginRenew=3600000
        -DrequireClientAuthScheme=sasl
    ...
    volumes:
      - /home/etozhekim/IdeaProjects/veles-core/kafka_server_jaas.conf:/kafka_server_jaas.conf

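Added example, not part of the original posts: a small Python check (function names are hypothetical) that the path given to `-Djava.security.auth.login.config` is the container side of a `host:container` volume entry and that the JAAS file contains the sections the broker looks up. A volume entry with only one path creates an anonymous volume at that container path, so the host file is not mounted. The sample inputs are constructed from the files in the thread.

```python
import re

def parse_volume(entry):
    """Split a compose short-syntax volume into (host, container, mode)."""
    parts = entry.split(":")
    if len(parts) == 1:  # container path only: anonymous volume, no host file
        return None, parts[0], None
    return parts[0], parts[1], parts[2] if len(parts) > 2 else None

def jaas_path(opts):
    """Path given to -Djava.security.auth.login.config, or None."""
    m = re.search(r"-Djava\.security\.auth\.login\.config=(\S+)", opts)
    return m.group(1) if m else None

def jaas_sections(text):
    """Top-level section names in a JAAS file, e.g. KafkaServer, Client."""
    return re.findall(r"^\s*(\w+)\s*\{", text, flags=re.MULTILINE)

def check_service(opts, volumes, jaas_text, required=("KafkaServer", "Client")):
    """List the problems that keep the JVM from reading the expected JAAS file."""
    path = jaas_path(opts)
    if path is None:
        return ["java.security.auth.login.config is not set"]
    problems = []
    mounts = [parse_volume(v) for v in volumes]
    if not any(h and c == path for h, c, _ in mounts):
        if any(h is None and c == path for h, c, _ in mounts):
            problems.append(f"{path}: anonymous volume, host file is not mounted")
        else:
            problems.append(f"{path}: not the container side of any volume")
    found = jaas_sections(jaas_text)
    problems += [f"JAAS section '{s}' missing" for s in required if s not in found]
    return problems

# Constructed sample inputs, modelled on the files in the thread.
HOST = "/home/etozhekim/IdeaProjects/veles-core/kafka_server_jaas.conf"
JAAS = """KafkaServer {
    org.apache.kafka.common.security.scram.ScramLoginModule required
    username="kafkabroker" password="password";
};
Client {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin" password="password";
};"""
AS_POSTED = check_service(f"-Djava.security.auth.login.config={HOST}", [HOST], JAAS)
CORRECTED = check_service("-Djava.security.auth.login.config=/kafka_server_jaas.conf",
                          [f"{HOST}:/kafka_server_jaas.conf:ro"], JAAS)

if __name__ == "__main__":
    print("as posted:", AS_POSTED)
    print("corrected:", CORRECTED)
```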