Closed rafaelmnatali closed 1 year ago
@rafaelmnatali I got a PR where arcfour-hmac issue is resolved - you can try to apply it to your code and let me know it it works for you :) I hope it would convince @jcmturner that PR is something worth including into next release
Regarding kvno - while it is not checked in other implementations (ie Java), because RFCs of Kerberos protocol don't really enforces you to do so, this package does check that, so you would need to regenerate your keytab with expected kvno value
Thanks @MikhailMS for your feedback. I'm seeing this error in a third-party tool I'm trying to use. Will reach out to them with this fix.
Meanwhile, I think we can close this ticket.
Hello,
I'm trying to configure the Redpanda Console to authenticate with my Kafka Broker but, getting some encryption errors.
I'm using
keytabs
to authenticate to the Brokers. Currently, I'm usingkeytabs
for Kafka Connect,Kstreams
, andksql
.All the applications that currently work are
Java
. Redpanda is the firstGo
app I'm trying to integrate withKerberos
.Using the same
krb5.conf
that I use for other applications I have the following error:krb5.conf
Troubleshooting
I added the
Kerberos
client to the image and run somekerberos
commands to see if thekeytab
was ok in the Pod:after reading other issues here, I try to add
preferred_preauth_types = 23
,default_tkt_enctypes = arcfour-hmac
, anddefault_tgs_enctypes = arcfour-hmac
to the `krb5.conf. Now, I have the following error:I see that the
kvno
for mykeytab
is1
and thekvno
when usingtype=23
is8
. Not sure if this has any relation.If there is any comments/suggestion in how to proceed from here I really appreciate.
Thanks!