kafka
auth_error
ai_generated
true
org.apache.kafka.common.errors.UnsupportedSaslMechanismException: The broker does not support the SASL mechanism PLAIN
ID: kafka/unsupported-sasl-mechanism
90%Fix Rate
87%Confidence
1Evidence
2023-02-14First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Kafka 2.8.0 | active | — | — | — |
| Kafka 3.0.0 | active | — | — | — |
| Kafka 3.4.0 | active | — | — | — |
| Kafka 3.6.0 | active | — | — | — |
Root Cause
The client configured a SASL mechanism (e.g., PLAIN) that is not enabled in the broker's sasl.enabled.mechanisms configuration.
generic中文
客户端配置了代理的 sasl.enabled.mechanisms 配置中未启用的 SASL 机制(例如 PLAIN)。
Official Documentation
https://kafka.apache.org/documentation/#brokerconfigs_sasl.enabled.mechanismsWorkarounds
-
95% success Enable the required SASL mechanism in the broker's server.properties: sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256 Then restart the broker. Ensure the JAAS file also configures the mechanism's login module: KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret"; };
Enable the required SASL mechanism in the broker's server.properties: sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256 Then restart the broker. Ensure the JAAS file also configures the mechanism's login module: KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret"; }; -
85% success On the client side, switch to a mechanism that the broker already supports. Check the broker logs for supported mechanisms or query via kafka-configs: kafka-configs --bootstrap-server localhost:9092 --entity-type brokers --entity-name 0 --describe --all | grep sasl.enabled.mechanisms
On the client side, switch to a mechanism that the broker already supports. Check the broker logs for supported mechanisms or query via kafka-configs: kafka-configs --bootstrap-server localhost:9092 --entity-type brokers --entity-name 0 --describe --all | grep sasl.enabled.mechanisms
中文步骤
Enable the required SASL mechanism in the broker's server.properties: sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256 Then restart the broker. Ensure the JAAS file also configures the mechanism's login module: KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret"; };On the client side, switch to a mechanism that the broker already supports. Check the broker logs for supported mechanisms or query via kafka-configs: kafka-configs --bootstrap-server localhost:9092 --entity-type brokers --entity-name 0 --describe --all | grep sasl.enabled.mechanisms
Dead Ends
Common approaches that don't work:
-
Change the client's SASL mechanism to SCRAM-SHA-256 without enabling it on the broker
90% fail
If SCRAM-SHA-256 is also not in sasl.enabled.mechanisms, the same error occurs; the broker must have the mechanism enabled.
-
Restart the broker after modifying JAAS config only
95% fail
JAAS config provides credentials but does not enable the mechanism; sasl.enabled.mechanisms must be set in server.properties.