Third party Apache Kafka service failing due to unsupported Kerberos encryption types

Solution Verified - Updated -

Issue

  • Third party Apache Kafka service failing due to unsupported Kerberos encryption types.
[2023-11-15 20:07:11,569] INFO [BrokerToControllerChannelManager id=1 name=heartbeat] Failed authentication with prod-kafka.example.test/192.168.0.1 (channelId=1) (An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating SASL token received from the Kafka Broker. This may be caused by Java's being unable to resolve the Kafka Broker's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Users must configure FQDN of kafka brokers when authenticating using SASL and `socketChannel.socket().getInetAddress().getHostName()` must match the hostname in `principal/hostname@realm` Kafka Client will go to AUTHENTICATION_FAILED state.) (org.apache.kafka.common.network.Selector)

Environment

  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • IPA 4.x
  • Third party Apache Kafka

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content