enabled mechanisms are [] Unexpected handshake request with client mechanism SCRAM-SHA-512

Troubleshooting approach


The Kafka broker has no authentication mechanism enabled, but the client is trying to connect with the SCRAM-SHA-512 mechanism.

Key log lines:

enabled mechanisms are []
Unexpected handshake request with client mechanism SCRAM-SHA-512

✅ Check and fix the broker-side Kafka configuration right away

Add the following to server.properties on every Kafka broker node, then restart Kafka:


🛠 1. Edit server.properties

###################### Listener settings ##########################
listeners=SASL_PLAINTEXT://0.0.0.0:9092
advertised.listeners=SASL_PLAINTEXT://<broker IP or hostname>:9092
listener.security.protocol.map=SASL_PLAINTEXT:SASL_PLAINTEXT
security.inter.broker.protocol=SASL_PLAINTEXT

###################### SASL settings ##############################
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
# Note: with SCRAM as the inter-broker mechanism, each broker also needs its own
# SCRAM credential and a JAAS login for the listener
# (listener.name.sasl_plaintext.scram-sha-512.sasl.jaas.config), otherwise
# brokers cannot authenticate to each other.

  • The <broker IP or hostname> in advertised.listeners must be an address the client can actually reach.
  • In a multi-broker cluster, configure every node and keep the settings identical.

🔐 2. Set the Kafka user's password with kafka-configs.sh (if not set yet)

# <zookeeper-host:2181> and <your-password> are placeholders.
# On Kafka 2.7+ (KIP-554) SCRAM credentials can also be managed with
# --bootstrap-server <broker:9092> instead of the deprecated --zookeeper flag.
bin/kafka-configs.sh \
  --zookeeper <zookeeper-host:2181> \
  --alter \
  --add-config 'SCRAM-SHA-512=[iterations=4096,password=<your-password>]' \
  --entity-type users \
  --entity-name kafka-6ffded0a-admin1

🔁 3. Restart all Kafka broker nodes

# Example (systemd)
sudo systemctl restart kafka

# or docker/k8s:
docker restart <container-name>

✅ Verify it took effect

Check the broker log to confirm the mechanism was registered:

grep SASL /logs/server.log

You should see something like:

[KafkaServer id=0] SASL authentication enabled for mechanism: SCRAM-SHA-512

✅ Client connection configuration recap

Make sure your client or web UI (e.g. Know Streaming) is configured along these lines:

security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="kafka-6ffded0a-admin1" password="<your-password>";

🧠 Appendix: common error reference table

| Error message | Cause | Fix |
| --- | --- | --- |
| Unexpected handshake request with client mechanism SCRAM-SHA-512, enabled mechanisms are [] | The broker has no SASL mechanism enabled | Set sasl.enabled.mechanisms, enable it and restart Kafka |
| Authentication failed: Invalid username or password | The user does not exist or the password is wrong | Create the user or change the password with kafka-configs.sh |
| No suitable mechanism | The client's mechanism does not match the broker's | Use SCRAM-SHA-512 on both client and broker |

If you can share:

  • your current server.properties
  • the Kafka version (and whether it runs in KRaft mode)
  • how it is run (systemd, Docker, Kubernetes)

I can generate a ready-to-use Kafka startup configuration template + client configuration + user-creation script. Do you want that?

I don't want to change the client configuration

Your Kafka is managed by the Strimzi Operator, and the problem is that the client connects with SCRAM-SHA-512 while the broker does not have that mechanism enabled (sasl.enabled.mechanisms= is empty). You also said:

"I don't want to change the client configuration"

In other words, you want the Kafka broker to support SCRAM-SHA-512 rather than changing the Web UI / client configuration. So let's do it the standard Strimzi way: configure SASL authentication and enable SCRAM-SHA-512.


✅ Goal

Make the current Kafka support SASL_PLAINTEXT + SCRAM-SHA-512 so the client authenticates without any change on its side.


✅ The correct approach (in a Strimzi environment)

You cannot edit /tmp/strimzi.properties directly, because:

it is generated dynamically by the Strimzi Operator controller, and manual edits will be overwritten.

What you need to do: modify the Kafka CR (custom resource), which is the approach Strimzi recommends.


✅ Step 1: Edit the Kafka CR to enable the SASL mechanism

  1. Find the name of your Kafka CR:

kubectl get kafka -n <namespace>

Suppose it is kafka-6ffded0a and the namespace is qfusion-admin.

  2. Edit the Kafka CR:

kubectl edit kafka kafka-6ffded0a -n qfusion-admin

  3. Under spec.kafka.listeners, add (or complete) the following:

listeners:
  - name: plain
    port: 9092
    type: internal
    tls: false
    authentication:
      type: scram-sha-512

This makes the PLAIN-9092 listener use SASL_PLAINTEXT + SCRAM-SHA-512.

You can also configure scram-sha-512 on the external or tls listener, for example:

  - name: external
    port: 32464
    type: nodeport
    tls: false
    authentication:
      type: scram-sha-512

After you save and exit, Strimzi regenerates the broker configuration and rolls the affected Pods automatically.


✅ Step 2: Create a Kafka user and set its password

In Strimzi, Kafka users are managed through the KafkaUser resource:

  1. Create the KafkaUser resource:

apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: kafka-6ffded0a-admin1
  namespace: qfusion-admin
  labels:
    # Required: the User Operator only manages KafkaUsers labelled with their cluster name.
    strimzi.io/cluster: kafka-6ffded0a
spec:
  authentication:
    type: scram-sha-512
    # To keep the password the client already uses, Strimzi can read it from an
    # existing Secret via spec.authentication.password.valueFrom.secretKeyRef
    # instead of generating a new one.
  authorization:
    type: simple

Save it as admin-user.yaml and apply it:

kubectl apply -f admin-user.yaml

  2. Read the generated password:

kubectl get secret kafka-6ffded0a-admin1 -n qfusion-admin -o jsonpath='{.data.password}' | base64 -d

Record this password. The client configuration stays as it is; you only have to make sure the Kafka broker supports it.


✅ Step 3: Verify Kafka picked it up

Confirm the log of the restarted Kafka Pod contains:

Enabled mechanisms: [SCRAM-SHA-512]

✅ Conclusion

| Goal | Action |
| --- | --- |
| Leave the client configuration alone | ✅ Enable SASL SCRAM-SHA-512 on Kafka, which is compatible with the existing client configuration |
| The broker configuration is managed by Strimzi | ✅ Modify the Kafka CR; do not edit /tmp/strimzi.properties directly |
| Need a username and password | ✅ Generate the account and password with a KafkaUser CR |

📌 Do you want me to generate the complete Kafka CR and KafkaUser YAML for you?

If you tell me your listener type (internal? NodePort? LoadBalancer? TLS?), I can generate a Strimzi Kafka configuration you can apply directly, plus the way to read the user's password. Shall I continue?

Leave the Kafka broker configuration alone

If you leave the Kafka broker configuration alone (i.e. do not enable SCRAM-SHA-512 authentication) and still want the client to connect, you must change the client configuration, because the broker is currently configured as:

sasl.enabled.mechanisms=

Which means:

🔴 The Kafka broker has no authentication mechanism enabled at all (pure PLAINTEXT mode: no authentication, connect out of the box).


✅ How should the client be changed to connect successfully?

🔧 Replace it with an unauthenticated PLAINTEXT configuration

Change this part of the client configuration:

security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=...

to the simplest unauthenticated setting:

security.protocol=PLAINTEXT

✅ Example client.properties (for the kafka-console tools or a Java/KnowStreaming client)

bootstrap.servers=10.10.66.151:32464
security.protocol=PLAINTEXT

  • Do not set sasl.mechanism, sasl.jaas.config or similar fields.
  • If you are running a Spring Boot application or a Kafka UI tool (e.g. KnowStreaming), remove the corresponding authentication section from its configuration as well.

❗ Why doesn't it connect otherwise?

If the client configuration is:

security.protocol=SASL_PLAINTEXT
sasl.mechanism=SCRAM-SHA-512

but the broker has no mechanism enabled, Kafka reports:

IllegalSaslStateException: Unexpected handshake request with client mechanism SCRAM-SHA-512, enabled mechanisms are []

That is, the client tries SCRAM-SHA-512 during the handshake, and the broker answers "I have no authentication mechanism enabled at all", so the connection naturally fails.


✅ You can verify it like this

Run a command without authentication (for example, list the topics):

kafka-topics.sh --bootstrap-server 10.10.66.151:32464 --list

If you previously used the authenticated form:

kafka-topics.sh --bootstrap-server 10.10.66.151:32464 \
  --command-config client.properties \
  --list

then reduce client.properties to just:

security.protocol=PLAINTEXT

✅ Summary

| What you want | Recommended action |
| --- | --- |
| Leave the broker alone and just get the client connected | ✅ Change the client configuration to security.protocol=PLAINTEXT |
| The client cannot change, only the broker can adapt | Configure the broker to enable SCRAM-SHA-512 (see above) |
| Both broker and client should use SCRAM securely | Use Strimzi's KafkaUser and authentication configuration |

If you tell me your current client environment (Spring Boot? Python? the Kafka console tools? or a Kafka UI tool such as KnowStreaming?), I can give you the best-fitting configuration change template. Shall I continue?

[root@yfw ~]# cd /www/wwwroot/szrengjing.com
[root@yfw szrengjing.com]# curl -v \
> -H "Content-Type: text/xml" \
> -d '<body rid="123456789" xmlns="http://jabber.org/protocol/httpbind"/>' \
> https://zxkf.szrengjing.com/http-bind
*   Trying 124.71.230.244...
* TCP_NODELAY set
* Connected to zxkf.szrengjing.com (124.71.230.244) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=zxkf.szrengjing.com
*  start date: Oct 13 03:37:58 2025 GMT
*  expire date: Jan 11 03:37:57 2026 GMT
*  subjectAltName: host "zxkf.szrengjing.com" matched cert's "zxkf.szrengjing.com"
*  issuer: C=US; O=Let's Encrypt; CN=R12
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* Using Stream ID: 1 (easy handle 0x55dd989e8690)
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> POST /http-bind HTTP/2
> Host: zxkf.szrengjing.com
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Type: text/xml
> Content-Length: 67
>
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/2 200
< server: nginx
< date: Fri, 31 Oct 2025 08:41:19 GMT
< content-type: text/xml;charset=utf-8
< content-length: 730
< access-control-allow-methods: CANCELUPLOAD, HEAD, MKCOL, UNCHECKOUT, POST, CHECKIN, CHECKOUT, PROPFIND, LOCK, VERSION-CONTROL, COPY, REPORT, OPTIONS, PUT, DELETE, GETLIB, MOVE, GET, UPDATE, PROPPATCH, UNLOCK
< access-control-allow-headers: Destination, Overwrite, X-Requested-With, Cache-Control, X-File-Name, User-Agent, X-File-Size, If-Modified-Since, Depth, Content-Type
< access-control-max-age: 86400
< vary: Accept-Encoding
< set-cookie: server_name_session=30cfff002de8f66adfef6602044f67bf; Max-Age=86400; httponly; path=/
< set-cookie: SITE_TOTAL_ID=a65fdf7026f86b882aa24da596e45305; Path=/; Max-Age=259200000; HttpOnly
< strict-transport-security: max-age=31536000
<
* Connection #0 to host zxkf.szrengjing.com left intact
<body xmlns="http://jabber.org/protocol/httpbind" xmlns:stream="http://etherx.jabber.org/streams" from="localhost" authid="8bcy8362au" sid="8bcy8362au" secure="true" requests="2" inactivity="30" polling="5" wait="60"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>PADE</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism></mechanisms><register xmlns="http://jabber.org/features/iq-register"/><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"><optional/></session></stream:features></body>[root@yfw szrengjing.com]#
[root@yfw szrengjing.com]# curl -v \
> -H "Content-Type: text/xml" \
> -d '<body rid="123456789" xmlns="http://jabber.org/protocol/httpbind"/>' \
> https://zxkf.szrengjing.com/http-bind
*   Trying 124.71.230.244...
* TCP_NODELAY set
* Connected to zxkf.szrengjing.com (124.71.230.244) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=zxkf.szrengjing.com
*  start date: Oct 13 03:37:58 2025 GMT
*  expire date: Jan 11 03:37:57 2026 GMT
*  subjectAltName: host "zxkf.szrengjing.com" matched cert's "zxkf.szrengjing.com"
*  issuer: C=US; O=Let's Encrypt; CN=R12
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* Using Stream ID: 1 (easy handle 0x556749a3f690)
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> POST /http-bind HTTP/2
> Host: zxkf.szrengjing.com
> User-Agent: curl/7.61.1
> Accept: */*
> Content-Type: text/xml
> Content-Length: 67
>
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/2 200
< server: nginx
< date: Fri, 31 Oct 2025 08:42:06 GMT
< content-type: text/xml;charset=utf-8
< content-length: 730
< access-control-allow-methods: CANCELUPLOAD, HEAD, MKCOL, UNCHECKOUT, POST, CHECKIN, CHECKOUT, PROPFIND, LOCK, VERSION-CONTROL, COPY, REPORT, OPTIONS, PUT, DELETE, GETLIB, MOVE, GET, UPDATE, PROPPATCH, UNLOCK
< access-control-allow-headers: Destination, Overwrite, X-Requested-With, Cache-Control, X-File-Name, User-Agent, X-File-Size, If-Modified-Since, Depth, Content-Type
< access-control-max-age: 86400
< vary: Accept-Encoding
< set-cookie: server_name_session=30cfff002de8f66adfef6602044f67bf; Max-Age=86400; httponly; path=/
< set-cookie: SITE_TOTAL_ID=f919b89e82b343cdd1f0e54478077ea3; Path=/; Max-Age=259200000; HttpOnly
< strict-transport-security: max-age=31536000
<
* Connection #0 to host zxkf.szrengjing.com left intact
<body xmlns="http://jabber.org/protocol/httpbind" xmlns:stream="http://etherx.jabber.org/streams" from="localhost" authid="5u0sqpvmu9" sid="5u0sqpvmu9" secure="true" requests="2" inactivity="30" polling="5" wait="60"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>CRAM-MD5</mechanism><mechanism>PADE</mechanism><mechanism>DIGEST-MD5</mechanism><mechanism>JIVE-SHAREDSECRET</mechanism></mechanisms><register xmlns="http://jabber.org/features/iq-register"/><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"><optional/></session></stream:features></body>[root@yfw szrengjing.com]#
[root@yfw szrengjing.com]# <body xmlns='http://jabber.org/protocol/httpbind'
-bash: body: No such file or directory
[root@yfw szrengjing.com]# sid='abc123def456ghi789'
[root@yfw szrengjing.com]# wait='60'
[root@yfw szrengjing.com]# ver='1.6'
[root@yfw szrengjing.com]# from='zxkf.szrengjing.com'
[root@yfw szrengjing.com]# hold='1'
[root@yfw szrengjing.com]# ack='1'>
-bash: syntax error near unexpected token `newline'
[root@yfw szrengjing.com]# </body>
-bash: syntax error near unexpected token `newline'
[root@yfw szrengjing.com]#
11-01
This error indicates that the authentication mechanism name in use is not supported; the system only supports 'SCRAM-SHA-1', 'SCRAM-SHA-1-PLUS', 'SCRAM-SHA-256', 'SCRAM-SHA-256-PLUS', 'SCRAM-SHA-512', 'SCRAM-SHA-512-PLUS', 'SCRAM-SHA3-512' and 'SCRAM-SHA3-512-PLUS'. Possible solutions:

### Check and correct the mechanism name

Make sure the mechanism name used in your code or configuration is one of the supported names. For example, if the code uses a wrong mechanism name, change it to a correct one. The failing code might look like this:

```python
# Wrong example: an empty string is not a supported mechanism name
wrong_mechanism = ""
# Change it to a correct mechanism name, e.g.
correct_mechanism = "SCRAM-SHA-256"
```

### Register the supported mechanism

If you are using a system such as Tigase, register the supported mechanism as described in reference [2]. Java example:

```java
import tigase.sasl.SCRAMSHA1Mechanism;
import tigase.sasl.SASLAuthentication;

public class SASLRegistration {
    public static void main(String[] args) {
        // Register SCRAM-SHA-1 so the server advertises and accepts it
        SCRAMSHA1Mechanism scramSHA1Mechanism = new SCRAMSHA1Mechanism();
        SASLAuthentication.registerSASLMechanism(scramSHA1Mechanism);
    }
}
```

### Check the database user's authentication configuration

For a database such as MongoDB, make sure the user was created and authenticates with a supported mechanism. Per reference [3], if authentication with 'SCRAM-SHA-1' fails, try recreating the user:

```javascript
// MongoDB: example of creating a user
db.createUser(
  {
    user: "root",
    pwd: "123456",
    roles: ["readWrite"]
  }
)
```

### Check the user's password encryption method

Where password encryption is involved, such as PostgreSQL's `scram-sha-256`, see reference [4] to find which users still need to be migrated to `scram-sha-256`:

```sql
SELECT rolname, rolpassword ~ '^SCRAM-SHA-256\$' AS has_upgraded
FROM pg_authid
WHERE rolcanlogin;
```
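An added editor's example (not part of the conversation above, and not Kafka's, Strimzi's or any of the listed products' own code): the two checks this whole thread turns on, written out in Python with only the standard library. `negotiate()` mirrors the broker's SASL handshake check that produces the `enabled mechanisms are []` error at the top of the page, and the remaining functions implement the SCRAM-SHA-512 exchange (RFC 5802 with SHA-512, the construction Kafka uses): `store_credential()` derives what the broker persists for a user after `kafka-configs.sh --add-config 'SCRAM-SHA-512=[...]'` (salt, iteration count, StoredKey and ServerKey, never the password), and `authenticate()` runs the three messages so you can see why a wrong password fails on the broker side even though the broker never holds the password. The function names, the sample password and the nonce format are assumptions of this illustration; the user name kafka-6ffded0a-admin1 is the one from the thread.

```python
"""SCRAM-SHA-512 as used by Kafka SASL/SCRAM (RFC 5802 construction, SHA-512).

Added illustration, not part of the original post. Function names, sample
password and nonce format are this example's own choices.
"""
import base64
import hashlib
import hmac
import os

HASH = "sha512"  # "sha256" / "sha1" give SCRAM-SHA-256 / SCRAM-SHA-1 with the same flow


def negotiate(enabled_mechanisms, client_mechanism):
    """Mirror the broker-side SASL handshake check.

    Returns the error text a Kafka broker logs when the requested mechanism is
    not enabled (an empty list is the page's 'enabled mechanisms are []' case),
    or None when the handshake may proceed.
    """
    if client_mechanism in enabled_mechanisms:
        return None
    return ("Unexpected handshake request with client mechanism "
            f"{client_mechanism}, enabled mechanisms are "
            f"[{', '.join(enabled_mechanisms)}]")


def _h(data):
    return hashlib.new(HASH, data).digest()


def _hmac(key, msg):
    return hmac.new(key, msg, HASH).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _salted_password(password, salt, iterations):
    return hashlib.pbkdf2_hmac(HASH, password.encode(), salt, iterations)


def store_credential(password, iterations=4096, salt=None):
    """What the broker persists for a user: salt, iteration count,
    StoredKey = H(ClientKey) and ServerKey. The password itself is not stored."""
    salt = salt or os.urandom(16)
    salted = _salted_password(password, salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    server_key = _hmac(salted, b"Server Key")
    return {"salt": salt, "iterations": iterations,
            "stored_key": _h(client_key), "server_key": server_key}


def client_proof(password, salt, iterations, auth_message):
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage), computed by the client."""
    client_key = _hmac(_salted_password(password, salt, iterations), b"Client Key")
    client_sig = _hmac(_h(client_key), auth_message)
    return _xor(client_key, client_sig)


def server_verify(cred, auth_message, proof):
    """Broker side: recover ClientKey from the proof, check H(ClientKey) == StoredKey,
    and return the ServerSignature the client must verify (None on failure)."""
    client_sig = _hmac(cred["stored_key"], auth_message)
    client_key = _xor(proof, client_sig)
    if not hmac.compare_digest(_h(client_key), cred["stored_key"]):
        return None
    return _hmac(cred["server_key"], auth_message)


def authenticate(cred, password, user="kafka-6ffded0a-admin1"):
    """Run client-first / server-first / client-final and return True only if
    the broker accepts the proof AND the client accepts the server signature."""
    c_nonce = base64.b64encode(os.urandom(12)).decode()
    client_first_bare = f"n={user},r={c_nonce}"
    s_nonce = c_nonce + base64.b64encode(os.urandom(12)).decode()
    server_first = (f"r={s_nonce},s={base64.b64encode(cred['salt']).decode()},"
                    f"i={cred['iterations']}")
    client_final_without_proof = f"c=biws,r={s_nonce}"  # c=biws is base64("n,,")
    auth_message = ",".join([client_first_bare, server_first,
                             client_final_without_proof]).encode()
    proof = client_proof(password, cred["salt"], cred["iterations"], auth_message)
    server_sig = server_verify(cred, auth_message, proof)
    if server_sig is None:
        return False
    # Client side: recompute ServerSignature from the password to authenticate the broker.
    salted = _salted_password(password, cred["salt"], cred["iterations"])
    expected = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return hmac.compare_digest(server_sig, expected)


if __name__ == "__main__":
    cred = store_credential("example-password")  # constructed sample, not a real credential
    print(authenticate(cred, "example-password"))  # True
    print(authenticate(cred, "wrong-password"))    # False
    print(negotiate([], "SCRAM-SHA-512"))          # the page's handshake error
```

Run it directly to see the two authentication outcomes and the page's handshake error string. The last turn's list of SCRAM variants differs only in the hash: changing HASH to "sha256" or "sha1" yields SCRAM-SHA-256 or SCRAM-SHA-1 with exactly the same message flow, which is why a mismatched mechanism name fails at negotiation before any of this runs.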