zeeshan

Reputation: 79

KAFKA Security error - SASL PlainText error

I am new to Kafka and my requirement is to implement SASL PLAINTEXT (username/password) security in Kafka broker(s). I tried different things but no success till now. The configurations I did were:

  1. Create the kafka_server_jaas.conf file

      KafkaServer {
          org.apache.kafka.common.security.plain.PlainLoginModule required
          username="admin"
          password="admin-secret"
          user_admin="admin-secret"
          user_client="client-secret";
      };

  2. Set KAFKA_OPTS in environment variables, but I also did it in the kafka-run-class.bat file

      set KAFKA_OPTS="-Djava.security.auth.login.config=C:\kafka\config\kafka_server_jaas.conf"

  3. The server.properties file has the below changes

      listeners=SASL_PLAINTEXT://localhost:9092
      advertised.listeners=SASL_PLAINTEXT://localhost:9092
      security.inter.broker.protocol=SASL_PLAINTEXT
      sasl.enabled.mechanisms=PLAIN
      sasl.mechanism.inter.broker.protocol=PLAIN
      authorizer.class.name=kafka.security.authorizer.AclAuthorizer
      allow.everyone.if.no.acl.found=true
      auto-create-topics-enable=true

ZooKeeper is running fine, but when I execute the below command to run the Kafka server

    .\bin\windows\kafka-server-start.bat .\config\server.properties

I got the below error

    Error connecting to node localhost:9092
    java.io.IOException: Channel could not be created for socket java.nio.channels.SocketChannel[closed]
    Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.errors.SaslAuthenticationException: Failed to configure SaslClientAuthenticator

Upvotes: 0

Views: 219

Answers (1)

zeeshan

Reputation: 79

I finally figured out the issue and fixed it. I will share step-by-step information with you guys, but first of all let me tell you I am using Java 23.0.1 and Kafka 3.8.1. If you try to find the solution on the internet, you get the same configuration settings shared by all, but in my case it was not working and I was getting the error

    Caused by: org.apache.kafka.common.errors.SaslAuthenticationException: Failed to configure SaslClientAuthenticator
    Caused by: java.lang.UnsupportedOperationException: getSubject is supported only if a security manager is allowed

So I tried finding out what that getSubject is, and finally I came to the conclusion that I am not using the correct version of Java; it will work if I downgrade to Java 11 LTS. Anyway, for now I have to configure it with what I have, so I made the below changes to get it working

  1. Update the java.policy file: add the permission related to getSubject at the end of the file, i.e. permission javax.security.auth.AuthPermission "getSubject";

  2. Add a kafka.policy file under the config folder of Kafka with the below changes

    grant {
        permission javax.security.auth.AuthPermission "getSubject";
    };

  3. Update the kafka_server.jaas file available under the config folder of Kafka with the below changes

    KafkaServer {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin-secret"
        user_admin="admin-secret";
    };
    KafkaClient {
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="admin"
        password="admin-secret";
    };

  4. Set the KAFKA_OPTS environment variable with the below values

    set KAFKA_OPTS=-Djava.security.auth.login.config=C:\\kafka\\config\\kafka_server_jaas.conf -Djava.security.manager=allow

  5. Update the server.properties file available in the config folder with the below values related to listeners

    listeners=SASL_PLAINTEXT://localhost:9095
    security.inter.broker.protocol=SASL_PLAINTEXT
    sasl.mechanism.inter.broker.protocol=PLAIN
    sasl.enabled.mechanisms=PLAIN
    advertised.listeners=SASL_PLAINTEXT://localhost:9095
    allow.everyone.if.no.acl.found=true
    # the broker property name uses dots
    auto.create.topics.enable=true
    zookeeper.set.acl=false

  6. Now run ZooKeeper first and then Kafka; both should run without throwing any error.

Upvotes: 0
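An added example, not part of the original answer or of Kafka itself: a small Python audit of the broker settings and JAAS section the answer ends with, flagging what should change before the setup leaves a local test machine. It assumes listeners are named by their security protocol (no listener.security.protocol.map); the function and constant names are hypothetical.

```python
import re

# Constructed sample input: the broker settings and JAAS section from the answer above.
SERVER_PROPERTIES = """\
listeners=SASL_PLAINTEXT://localhost:9095
advertised.listeners=SASL_PLAINTEXT://localhost:9095
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.enabled.mechanisms=PLAIN
allow.everyone.if.no.acl.found=true
"""
JAAS = """KafkaServer {
  org.apache.kafka.common.security.plain.PlainLoginModule required
  username="admin" password="admin-secret" user_admin="admin-secret";
};"""
# Passwords published on this page (and so known to anyone who reads it).
PUBLISHED_SECRETS = {"admin-secret", "client-secret"}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(properties_text, jaas_text):
    """Return (setting, finding) tuples for a broker config and its JAAS file."""
    props, findings = parse_properties(properties_text), []
    mechanisms = {m.strip() for m in props.get("sasl.enabled.mechanisms", "").split(",")}
    for key in ("listeners", "advertised.listeners"):
        for endpoint in props.get(key, "").split(","):
            if endpoint.split("://")[0].strip() == "SASL_PLAINTEXT" and "PLAIN" in mechanisms:
                findings.append((key, "PLAIN password crosses the network unencrypted; use SASL_SSL"))
    if "authorizer.class.name" not in props:
        findings.append(("authorizer.class.name", "no authorizer set, so no ACLs are enforced"))
    elif props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append(("allow.everyone.if.no.acl.found", "resources without ACLs are open to all users"))
    # PlainLoginModule options holding secrets: password="..." and user_<name>="..."
    for option, secret in re.findall(r'\b(password|user_\w+)="([^"]*)"', jaas_text):
        if secret in PUBLISHED_SECRETS:
            findings.append((option, "password is a published sample value; replace it"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit(SERVER_PROPERTIES, JAAS):
        print(f"{setting}: {finding}")
```

Moving the listeners to SASL_SSL also requires the broker's keystore settings, which this check does not validate.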
