Trouble authenticating with Kerberos

[camdencheek]

Versions

sarama: 1358e9c
kafka: 2.2.1
go: 1.13

Configuration

What configuration values are you using for Sarama and Kafka?

    config := sarama.NewConfig()
    config.Version = sarama.V2_0_0_0

    config.Net.SASL.Enable = true
    config.Net.SASL.Mechanism = sarama.SASLTypeGSSAPI

    config.Net.SASL.GSSAPI = sarama.GSSAPIConfig{
      AuthType: sarama.KRB5_USER_AUTH, 
      Realm: "<realm>",
      ServiceName: "kafka",
      Username: "<username>",
      Password: "<password>",
      KerberosConfigPath: "/etc/krb5.conf",
    }

/etc/krb5.conf:

[libdefaults]
    default_realm = CLOUDERA.LOCALNET

[realms]
    CLOUDERA.LOCALNET = {
        kdc = <kdc>
        admin_server = <admin_server>
    }

Logs

logs: CLICK ME

2019/10/24 17:06:14 Initializing new client
2019/10/24 17:06:14 ClientID is the default of 'sarama', you should consider setting it to something application-specific.
2019/10/24 17:06:14 ClientID is the default of 'sarama', you should consider setting it to something application-specific.
2019/10/24 17:06:14 client/metadata fetching metadata for all topics from broker cloudera-host.localnet:9092
2019/10/24 17:06:14 Kerberos client error: [Root cause: KRBMessage_Handling_Error] KRBMessage_Handling_Error: AS Exchange Error: AS_REP is not valid or client password/keytab incorrect < KRBMessage_Handling_Error: KDC did not respond appropriately to FAST negotiation
2019/10/24 17:06:14 Closed connection to broker cloudera-host.localnet:9092
2019/10/24 17:06:14 client/metadata got error from broker -1 while fetching metadata: [Root cause: KRBMessage_Handling_Error] KRBMessage_Handling_Error: AS Exchange Error: AS_REP is not valid or client password/keytab incorrect < KRBMessage_Handling_Error: KDC did not respond appropriately to FAST negotiation
2019/10/24 17:06:14 client/metadata no available broker to send metadata request to
2019/10/24 17:06:14 client/brokers resurrecting 1 dead seed brokers
2019/10/24 17:06:14 client/metadata retrying after 250ms... (3 attempts remaining)

Problem Description

I can't seem to get the client configured to connect to a Kerberos-enabled cloudera instance. I've verified that the username and password are valid with kinit <user>@CLOUDERA.LOCALNET. I'm a bit new to implementing kerberos clients, so I'm not entirely sure where to look from here.

[ghost]

Thank you for taking the time to raise this issue. However, it has not had any activity on it in the past 90 days and will be closed in 30 days if no updates occur.
Please check if the master branch has already resolved the issue since it was raised. If you believe the issue is still valid and you would like input from the maintainers then please comment to ask for it to be reviewed.

[camdencheek]

Hi -- this still seems to be an issue

[camdencheek]

Closing because I am no longer working on this project