wrong token id using kerberos authentication

[filedesless]

Versions

Sarama Version: cd910a6
Kafka Version: unknown
Go Version: go version go1.11.6 linux/amd64

Configuration

Trying to authenticate via keytab to our Active Directory

I disabled FAST negotiation as suggested https://github.com/jcmturner/gokrb5

// from kerberos_client.go
//client = krb5client.NewClientWithKeytab(config.Username, config.Realm, kt, cfg)
client = krb5client.NewClientWithKeytab(config.Username, config.Realm, kt, cfg, krb5client.DisablePAFXFAST(true))

Logs

2019-06-12T16:23:35.656-0400	INFO	kafka/log.go:53	client/metadata fetching metadata for [<TOPIC>] from broker <BROKER>
...
2019-06-12T16:23:35.692-0400	INFO	kafka/log.go:53	Error while performing GSSAPI Kerberos Authentication: wrong Token ID. Expected 0504, was 6030
...
2019-06-12T16:23:35.727-0400	INFO	kafka/log.go:53	client/metadata got error from broker -1 while fetching metadata: wrong Token ID. Expected 0504, was 6030

Problem Description

Can't seem to connect to kafka broker using kerberos auth

[rubenvp8510]

It could be the encryption type you are using.

Please see my comments on the original PR: #1366

It that works for you we can close this.

Thanks

[d1egoaz]

@rubenvp8510 wondering if we could add some documentation regarding the kerberos support in order to tell what is and what's not supported (like rc4-hmac according the the mentioned PR)

[rubenvp8510]

@d1egoaz That definitely could help!

[ghost]

Thank you for taking the time to raise this issue. However, it has not had any activity on it in the past 90 days and will be closed in 30 days if no updates occur.
Please check if the master branch has already resolved the issue since it was raised. If you believe the issue is still valid and you would like input from the maintainers then please comment to ask for it to be reviewed.