Disable FAST negotiation Kerberos #111
Comments
|
This might be a bug with the franz-go client's kerberos implementation. Do you want to just generally disable FAST negotiation entirely, or would you like to get it working? I may need your help debugging this in the franz-go client. |
|
It would be great to add an option to turn on/off |
|
@bad3bs I just committed a fix that allows you to configure FAST. It is enabled by default. See the new reference config: https://github.com/cloudhut/kminion/blob/30f84f50ebba412cf4194444f8e82f907a801d0d/docs/reference-config.yaml#L54 Would be nice to hear from you whether this fixes your issue. |
|
Yes this problem fixed, but no way to set SASL_PLAINTEXT |
|
What do you mean set SASL_PLAINTEXT? That's independent from kerberos? SASL_PLAINTEXT basically means speaking over a normal tcp connection (no tls), and using SASL. That's currently the example in the reference config, actually. |
|
In Kfaka server config: and encryption rc4-hmac Receive: |
|
This might be a bug in the franz-go client, and if so I'll definitely need your help to look into it. If you're up to it let me know. There's been only two users of kerberos in two years of the client, you're the second. |
|
Looks like there is a similar discusson on the Sarama repo: The encryption type rc4-hmac is apparently not supported. Can you follow the linked comment in issue 1366? |
|
Oh yes, I wanted to write the same links. :) |
|
If you're able to modify things, please let me know if kerberos works -- it'd be great to know if it actually does 😅 |
|
I suppose everything will work fine without rc4-hmac, but unfortunately I can't change the kafka settings. :) |
KRBMessage_Handling_Error: KDC did not respond appropriately to FAST negotiation
The text was updated successfully, but these errors were encountered: