使用 Kerberos 身份验证通过 SpringBoot 连接到 Kafka 时遇到问题。我正在使用具有以下详细信息的自定义 Kafka 连接管理器 -

          bootstrap-servers-sasl: node1:9094, node2:9094, node3:9094

          protocol: SASL_SSL

          mechanism: GSSAPI

          kerberos:

            service:

              name: kfkusr

          jaas: 

            config: "com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab=\"#keytab-name#\" principal=\"abc/node2@domain.NET\";"

where#keytab-name#将在运行时被以下值替换为 -

我的本地电脑 -C:/Users/MyPC/AppData/Local/Temp/abc.node2_d2254866264751402128.keytab

PCF-/home/vcap/tmp/abc.node2_d2215947326380395062.keytab

在本地应用程序运行良好，消息将发送到 Kafka。但是当在 PCF 上运行时失败并出现以下异常 -

2019-08-09T14:40:46.481-05:00 [APP/PROC/WEB/0] [OUT] WARN [9f-3868cbe47d81] org.apache.kafka.clients.NetworkClient o.a.k.c.NetworkClient.processDisconnection(NetworkClient.java:585) - ||||||||||||||Connection to node -1 terminated during authentication. This may indicate that authentication failed due to invalid credentials.

...

...

Failed to send; nested exception is org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 60000 ms.: org.springframework.kafka.core.KafkaProducerException: Failed to send; nested exception is org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 60000 ms

...

...

Exception thrown when sending a message with key='null' and payload='<my payload>' to topic <test_topic> :: org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 60000 ms.