How to find kafka broker username and password - Stack Overflow

I'm using Kafka 3.0.0 and following a tutorial to run this command:

kafka-topics.sh --command-config playground.config --bootstrap-server localhost:9092 --topic first_topic --create --partitions 5 --replication-factor 1

but get the following error:

    [2025-01-04 14:09:04,953] WARN [AdminClient clientId=adminclient-1] Connection to node -1 (localhost./127.0.1.1:9092) terminated during authentication. This may happen due to any of the following reasons: (1) Authentication failed due to invalid credentials with brokers older than 1.0.0, (2) Firewall blocking Kafka TLS traffic (eg it may only allow HTTPS traffic), (3) Transient network issue. (org.apache.kafka.clients.NetworkClient)

The playground config has the following settings:

security.protocol=SASL_SSL
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafkamon.security.plain.PlainLoginModule required username="username" password="password"

I read that the username and password is defined in the jaas.conf file, but I can't seem to find that file. I checked in the following locations:

• /etc/kafka/
• /opt/kafka/config/
• /usr/local/kafka/config/

So my question is do I need to provide a username and password? The server.properties doesn't explicitly define that SASL has to be used.

I'm using Kafka 3.0.0 and following a tutorial to run this command:

kafka-topics.sh --command-config playground.config --bootstrap-server localhost:9092 --topic first_topic --create --partitions 5 --replication-factor 1

but get the following error:

    [2025-01-04 14:09:04,953] WARN [AdminClient clientId=adminclient-1] Connection to node -1 (localhost./127.0.1.1:9092) terminated during authentication. This may happen due to any of the following reasons: (1) Authentication failed due to invalid credentials with brokers older than 1.0.0, (2) Firewall blocking Kafka TLS traffic (eg it may only allow HTTPS traffic), (3) Transient network issue. (org.apache.kafka.clients.NetworkClient)

The playground config has the following settings:

security.protocol=SASL_SSL
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="username" password="password"

I read that the username and password is defined in the jaas.conf file, but I can't seem to find that file. I checked in the following locations:

• /etc/kafka/
• /opt/kafka/config/
• /usr/local/kafka/config/

So my question is do I need to provide a username and password? The server.properties doesn't explicitly define that SASL has to be used.

• apache-kafka

Share Improve this question Follow asked 22 hours ago rds80rds80 62922 gold badges1111 silver badges3030 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

Your last line of explanations turns few technical doubts but how it works is the following:

These credentials are typically required when SASL authentication is enabled in the Kafka broker.If SASL is not explicitly configured in the broker's server.properties, username and password may not be necessary.If SASL is enabled, the username and password are usually defined: Directly in the broker configuration (server.properties). In an external file (e.g., jaas.conf).

Places to check:

• the server.properties file on the Kafka broker:

  listeners=SASL_SSL://:9092 advertised.listeners=SASL_SSL://your-host:9092 security.protocol=SASL_SSL sasl.mechanism.inter.broker.protocol=PLAIN sasl.enabled.mechanisms=PLAIN listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret";

The last line of above is listener.name.sasl_ssl.plain.sasl.jaas.config field defines the broker-side authentication credentials.

• If the credentials are not in server.properties, the broker may use an external jaas.conf file

in bash side type: echo $KAFKA_OPTS, and look for something like -Djava.security.auth.login.config=/path/to/jaas.conf. Follow the path, and open the file. User/Pass is possible to be here.