topic Re: Kafka Target Kerberos issue in Qlik Replicate https://community.qlik.com/t5/Qlik-Replicate/Kafka-Target-Kerberos-issue/m-p/1810490#M912 <P>Ok I reply my own question because I finally found the root cause. I was saying the the kinit command was working using the attunity user but this was before sourcing the arep_login.sh script!</P><P>&nbsp;</P><LI-CODE lang="markup">[attunity@ ~]$ source /opt/attunity/replicate/bin/arep_login.sh [attunity@ ~]$ kinit -R -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV || kinit -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV kinit: relocation error: kinit: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference kinit: relocation error: kinit: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference</LI-CODE><P>&nbsp;</P><P>Best,</P><P>Jerome</P> Tue, 25 May 2021 19:20:54 GMT jrevillard 2021-05-25T19:20:54Z Kafka Target Kerberos issue https://community.qlik.com/t5/Qlik-Replicate/Kafka-Target-Kerberos-issue/m-p/1810437#M910 <P>Hello,</P><P>I'm trying to make a SASL_SSL GSSAPI authentication working with a Kafka target but I get the following error when I test the connection:</P><LI-CODE lang="markup">00016339: 2021-05-25T16:59:07:853020 [SERVER ]V: initializing kerberos. (queue_imp.c:836) 00016339: 2021-05-25T16:59:07:853049 [SERVER ]V: kafka_kerberos_init: -&gt; (kafka_kerberos.c:28) 00016339: 2021-05-25T16:59:07:853152 [SERVER ]V: get env value (kafka_kerberos.c:43) 00016339: 2021-05-25T16:59:07:853243 [SERVER ]V: get ticket file (kafka_kerberos.c:45) 00016339: 2021-05-25T16:59:07:853327 [SERVER ]V: inside kafkakrb_get_ticket_cache_file (kafka_kerberos.c:229) 00016339: 2021-05-25T16:59:07:853415 [SERVER ]T: Kafka Kerberos cache file: '/data/attunity_replicate_data/tmp/kafka.ticket' (kafka_kerberos.c:240) 00016339: 2021-05-25T16:59:07:853488 [SERVER ]V: set new value (kafka_kerberos.c:48) 00016339: 2021-05-25T16:59:07:853502 [SERVER ]V: kafka_kerberos_init: &lt;- (kafka_kerberos.c:54) 00016339: 2021-05-25T16:59:07:853517 [SERVER ]V: allocating message tracker. (queue_imp.c:839) 00016339: 2021-05-25T16:59:07:859396 [SERVER ]T: kafka publish option is 0 (queue_imp.c:851) 00016339: 2021-05-25T16:59:07:859457 [SERVER ]V: running on design mode; limiting queue client timeout if applicable (queue_imp.c:895) 00016339: 2021-05-25T16:59:07:859466 [SERVER ]V: allocating client. (queue_imp.c:906) 00016339: 2021-05-25T16:59:07:859482 [SERVER ]V: configuring kafka client (kafka_client.c:515) 00016339: 2021-05-25T16:59:07:859537 [SERVER ]V: configuring timeout for kafka client - design mode (kafka_client.c:571) 00016339: 2021-05-25T16:59:07:859547 [SERVER ]V: setting 'metadata.request.timeout.ms' to '50000' (kafka_client.c:395) 00016339: 2021-05-25T16:59:07:859584 [SERVER ]V: setting 'socket.timeout.ms' to '50000' (kafka_client.c:401) 00016339: 2021-05-25T16:59:07:859599 [SERVER ]V: kafkac_set_main_handle_security_protocol: -&gt; (kafka_client.c:413) 00016339: 2021-05-25T16:59:07:859614 [SERVER ]T: changing security.protocol default value (kafka_client.c:422) 00016339: 2021-05-25T16:59:07:859622 [SERVER ]T: set security.protocol=SASL_SSL (kafka_client.c:442) 00016339: 2021-05-25T16:59:07:859631 [SERVER ]V: kafkac_set_main_handle_sasl_mechanisms_property: -&gt; (kafka_client.c:452) 00016339: 2021-05-25T16:59:07:859639 [SERVER ]T: set sasl.mechanisms to GSSAPI (kafka_client.c:456) 00016339: 2021-05-25T16:59:07:859648 [SERVER ]V: kafkac_set_main_handle_sasl_mechanisms_property: &lt;- (kafka_client.c:479) 00016339: 2021-05-25T16:59:07:859687 [SERVER ]T: RDKAFKA - 7 - SASL: [thrd:app]: Selected provider Cyrus for SASL mechanism GSSAPI (kafka_client.c:184) 00016339: 2021-05-25T16:59:07:859718 [SERVER ]T: RDKAFKA - 7 - SASLREFRESH: [thrd:app]: Refreshing Kerberos ticket with command: kinit -R -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV || kinit -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV (kafka_client.c:184) 00016339: 2021-05-25T16:59:07:871142 [SERVER ]T: RDKAFKA - 3 - SASLREFRESH: [thrd:app]: Kerberos ticket refresh failed: kinit -R -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV || kinit -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV: exited with code 127 (kafka_client.c:184)</LI-CODE><P>&nbsp;</P><P>Of course, later in the logs I get:</P><LI-CODE lang="markup">00016347: 2021-05-25T16:59:07:903408 [SERVER ]T: RDKAFKA - 3 - FAIL: [thrd:sasl_ssl://XXXXXXXXXX:6668/bootstrap]: sasl_ssl://XXXXXXXXX:6668/bootstrap: Failed to initialize SASL authentication: SASL handshake failed (start (-1)): SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available) (after 1ms in state AUTH_REQ) [1022601] (kafka_client.c:179</LI-CODE><P>&nbsp;</P><P>If I run this command `kinit -R -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV || kinit -t "/etc/security/keytabs/dev_attunity.keytab" -k <A href="mailto:dev_attunity@BIGEYS.PRIV`" target="_blank">dev_attunity@BIGEYS.PRIV`</A> manually as the Qlick replicate user, it works.</P><P>What could be the problem ?</P><P>&nbsp;</P><P>Best,</P><P>Jerome</P> Tue, 25 May 2021 17:05:16 GMT https://community.qlik.com/t5/Qlik-Replicate/Kafka-Target-Kerberos-issue/m-p/1810437#M910 jrevillard 2021-05-25T17:05:16Z Re: Kafka Target Kerberos issue https://community.qlik.com/t5/Qlik-Replicate/Kafka-Target-Kerberos-issue/m-p/1810490#M912 <P>Ok I reply my own question because I finally found the root cause. I was saying the the kinit command was working using the attunity user but this was before sourcing the arep_login.sh script!</P><P>&nbsp;</P><LI-CODE lang="markup">[attunity@ ~]$ source /opt/attunity/replicate/bin/arep_login.sh [attunity@ ~]$ kinit -R -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV || kinit -t "/etc/security/keytabs/dev_attunity.keytab" -k dev_attunity@BIGEYS.PRIV kinit: relocation error: kinit: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference kinit: relocation error: kinit: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference</LI-CODE><P>&nbsp;</P><P>Best,</P><P>Jerome</P> Tue, 25 May 2021 19:20:54 GMT https://community.qlik.com/t5/Qlik-Replicate/Kafka-Target-Kerberos-issue/m-p/1810490#M912 jrevillard 2021-05-25T19:20:54Z