kafka
auth_error
ai_generated
true
org.apache.kafka.common.errors.UnsupportedSaslMechanismException: 代理不支持 SASL 机制 PLAIN
org.apache.kafka.common.errors.UnsupportedSaslMechanismException: The broker does not support the SASL mechanism PLAIN
ID: kafka/unsupported-sasl-mechanism
90%修复率
87%置信度
1证据数
2023-02-14首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| Kafka 2.8.0 | active | — | — | — |
| Kafka 3.0.0 | active | — | — | — |
| Kafka 3.4.0 | active | — | — | — |
| Kafka 3.6.0 | active | — | — | — |
根因分析
客户端配置了代理的 sasl.enabled.mechanisms 配置中未启用的 SASL 机制(例如 PLAIN)。
English
The client configured a SASL mechanism (e.g., PLAIN) that is not enabled in the broker's sasl.enabled.mechanisms configuration.
官方文档
https://kafka.apache.org/documentation/#brokerconfigs_sasl.enabled.mechanisms解决方案
-
Enable the required SASL mechanism in the broker's server.properties: sasl.enabled.mechanisms=PLAIN,SCRAM-SHA-256 Then restart the broker. Ensure the JAAS file also configures the mechanism's login module: KafkaServer { org.apache.kafka.common.security.plain.PlainLoginModule required username="admin" password="admin-secret" user_admin="admin-secret" user_alice="alice-secret"; }; -
On the client side, switch to a mechanism that the broker already supports. Check the broker logs for supported mechanisms or query via kafka-configs: kafka-configs --bootstrap-server localhost:9092 --entity-type brokers --entity-name 0 --describe --all | grep sasl.enabled.mechanisms
无效尝试
常见但无效的做法:
-
Change the client's SASL mechanism to SCRAM-SHA-256 without enabling it on the broker
90% 失败
If SCRAM-SHA-256 is also not in sasl.enabled.mechanisms, the same error occurs; the broker must have the mechanism enabled.
-
Restart the broker after modifying JAAS config only
95% 失败
JAAS config provides credentials but does not enable the mechanism; sasl.enabled.mechanisms must be set in server.properties.