quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

Kafka with kerberos not working. giving error .. org.apache.kafka.common.errors.SaslAuthenticationException: Failed to create SaslClient with mechanism GSSAPI #19380

Closed nkrajesh closed 3 years ago

nkrajesh commented 3 years ago

Describe the bug

Trying to connect to kafka using kerberos with settings below:

```properties
kafka.ssl.truststore.location=/work/truststore.jks
kafka.ssl.truststore.password=xxxxx
kafka.ssl.endpoint.identification.algorithm=https
kafka.sasl.mechanism=GSSAPI
kafka.security.protocol=SASL_SSL
kafka.sasl.jaas.config=com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true doNotPrompt=true keyTab="file:/work/sample.keytab" storeKey=true useTicketCache=false debug=true principal="user@user.com";
kafka.sasl.kerberos.service.name=kafka
mp.messaging.incoming.events.connector=smallrye-kafka
mp.messaging.incoming.events.topic=testtopic
mp.messaging.incoming.events.group.id=eviq5555-test
mp.messaging.incoming.events.client.id=eviq-test
mp.messaging.incoming.events.key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
mp.messaging.incoming.events.value.deserializer=org.apache.kafka.common.serialization.StringDeserializer
mp.messaging.incoming.events.enable.auto.commit=false
mp.messaging.incoming.events.auto.offset.reset=earliest
quarkus.ssl.native=true
quarkus.native.additional-build-args=--initialize-at-run-time=org.apache.kafka.common.security.kerberos.KerberosLogin, -J-Djava.security.krb5.conf=/etc/krb5.conf, -J-Djava.security.krb5.realm=xxx, -J-Djava.security.krb5.kdc=xxxx, -J-Djavax.net.ssl.trustStore=/work/truststore.jks,-J-Djavax.net.ssl.trustStorePassword=xxx
quarkus.native.enable-all-security-services=true
```

Expected behavior

The app is connecting in jvm mode so I expect it to connect in native mode.

Actual behavior

Instead of a successful connection, I am getting the following error:

```
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /work/D_HUB.keytab refreshKrb5Config is false principal is SI_xxx tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal is SI_xxxx
Will use keytab
Commit Succeeded .
```

```
2021-08-12 18:40:26,866 INFO [org.apa.kaf.com.sec.aut.AbstractLogin] (main) Successfully logged in.
2021-08-12 18:40:26,867 DEBUG [org.apa.kaf.com.sec.ssl.DefaultSslEngineFactory] (main) Created SSL context with keystore null, truststore SecurityStore(path=/work/truststore.jks, modificationTime=Thu Aug 12 18:38:16 GMT 2021), provider SunJSSE.
2021-08-12 18:40:26,868 DEBUG [org.apa.kaf.cli.con.KafkaConsumer] (main) [Consumer clientId=test, groupId=test] Kafka consumer initialized
```

```
Failed to create channel due to : org.apache.kafka.common.errors.SaslAuthenticationException: Failed to configure SaslClientAuthenticator
Caused by: org.apache.kafka.common.errors.SaslAuthenticationException: Failed to create SaslClient with mechanism GSSAPI
Caused by: javax.security.sasl.SaslException: Failure to initialize security context [Caused by GSSException: sun.security.jgss.krb5.Krb5MechFactory configured by SunJGSS for GSS-API Mechanism Factory cannot be created]
    at com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:160)
    at com.sun.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:63)
    at javax.security.sasl.Sasl.createSaslClient(Sasl.java:433)
    at org.apache.kafka.common.security.authenticator.SaslClientAuthenticator.lambda$createSaslClient$0(SaslClientAuthenticator.java:219)
Caused by: GSSException: sun.security.jgss.krb5.Krb5MechFactory configured by SunJGSS for GSS-API Mechanism Factory cannot be created
    at sun.security.jgss.ProviderList.createGSSException(ProviderList.java:334)
    at sun.security.jgss.ProviderList.getMechFactoryImpl(ProviderList.java:313)
    at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:242)
    at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:200)
    at sun.security.jgss.ProviderList.getMechFactory(ProviderList.java:171)
    at sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:196)
    at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:478)
    at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201)
    at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170)
    at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:132)
    at com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:108)
    ... 38 more
Caused by: java.lang.ClassNotFoundException: sun.security.jgss.krb5.Krb5MechFactory
    at com.oracle.svm.core.hub.ClassForNameSupport.forName(ClassForNameSupport.java:64)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:290)
    at sun.security.jgss.ProviderList.getMechFactoryImpl(ProviderList.java:293)
    ... 47 more
```

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

11

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.0.2.Final

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

I used mvn package -Pnative with options -Dquarkus.native.container-build=true -Dquarkus.container-image.build=false -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel:21.1-java11

quarkus-bot[bot] commented 3 years ago

/cc @cescoffier, @galderz, @ozangunalp, @zakkak

nkrajesh commented 3 years ago

I passed this error by upgrading the version and manually adding `quarkus.security.security-providers=SunRsaSign,SunJCE,SunJGSS,SunSASL`
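A startup preflight for the failure in the trace above, as an added example that is not part of the thread and not Quarkus or Kafka code: it checks that the providers named in the fix are registered and that the Kerberos mechanism factory SunJGSS advertises can actually be loaded, so a missing class is reported before the first broker connection. The class name `GssapiPreflight` is hypothetical, and the example assumes the JDK's SunJGSS provider publishes its factory class under the `GssApiMechanism.<oid>` property key.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Added example (hypothetical class name): preflight for Kerberos/GSSAPI prerequisites.
public final class GssapiPreflight {
    // Kerberos V5 mechanism OID; assumed key under which SunJGSS names its factory class.
    private static final String KRB5_MECH_KEY = "GssApiMechanism.1.2.840.113554.1.2.2";

    /** Returns human-readable problems; an empty list means the prerequisites are present. */
    public static List<String> check(List<String> requiredProviders) {
        List<String> problems = new ArrayList<>();
        for (String name : requiredProviders) {
            if (Security.getProvider(name) == null) {
                problems.add("security provider not registered: " + name);
            }
        }
        Provider jgss = Security.getProvider("SunJGSS");
        if (jgss != null) {
            // Resolve the factory class name at run time, then try to load it.
            String factory = jgss.getProperty(KRB5_MECH_KEY);
            if (factory == null) {
                problems.add("SunJGSS does not advertise a Kerberos V5 mechanism factory");
            } else {
                try {
                    Class.forName(factory, false, ClassLoader.getSystemClassLoader());
                } catch (ClassNotFoundException | LinkageError e) {
                    problems.add("mechanism factory not loadable: " + factory + " (" + e + ")");
                }
            }
        }
        // Is any provider able to create a SASL client for kafka.sasl.mechanism=GSSAPI?
        if (Security.getProviders("SaslClientFactory.GSSAPI") == null) {
            problems.add("no registered provider offers SaslClientFactory.GSSAPI");
        }
        return problems;
    }

    public static void main(String[] args) {
        // Provider names taken from the fix reported in the thread.
        List<String> problems = check(List.of("SunRsaSign", "SunJCE", "SunJGSS", "SunSASL"));
        problems.forEach(p -> System.err.println("GSSAPI preflight: " + p));
        if (!problems.isEmpty()) {
            System.exit(1);
        }
        System.out.println("GSSAPI preflight: OK");
    }
}
```

To be meaningful, `check` has to run inside the same executable that opens the Kafka connection, since a separate JVM run will not reflect what the native image contains.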