1 增加配置：

# Use SASL plaintext
security.protocol=SASL_PLAINTEXT

# Broker service name
sasl.kerberos.service.name=$SERVICENAME

# Client keytab location
sasl.kerberos.keytab=/etc/security/keytabs/${CLIENT_NAME}.keytab

# sasl.kerberos.principal
sasl.kerberos.principal=${CLIENT_NAME}/${CLIENT_HOST}

sasl.kerberos.kinit.cmd命令不用加，文档上面写的是默认执行：kinit -R -t "%{sasl.kerberos.keytab}" -k %{sasl.kerberos.principal} || kinit -t "%{sasl.kerberos.keytab}" -k %{sasl.kerberos.principal}

2 ubuntu客户端安装软件：

apt-get libsasle-modules-gssapi-mit

apt-get libsasle-dev 

apt-get krb5-user
apt-get krb5-config

设置环境变量 KRB5_CONFIG=/***/krb5.conf

把krb5.conf拷贝到/etc/目录替换到原来的krb5.conf文件

3 我这边连接kafka后报错：Failed to initialize SASL authentication: SASL handshake failed (start (-1)): SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Included profile directory could not be read) (after 0ms in state AUTH_REQ)

其中最主要的报错信息是Included profile directory could not be read，查找之后是krb5.conf文件开头多了一行includedir /etc/krb5.conf.d/，把这行删除，因为不确定默认读的是哪个krb5.conf文件，我把krb5.conf的includedir都删了

4 打包镜像，运行成功。

参考文档：librdkafka: Configuration properties

Kerberos - Community Help Wiki

kinit: Included profile directory could not be read while initializing Kerberos 5 library - 爱码网Using SASL with librdkafka · edenhill/librdkafka Wiki · GitHub