I am trying to enable ZooKeeper-Kafka authentication using Digest, but it is failing to come up. My configuration changes:
Zookeeper version : 3.8.4
zookeeper-jaas.conf
Server {
org.apache.zookeeper.server.auth.DigestLoginModule required
user_super="aSlploJqcJZRB3DuhLjcy";
};
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="super"
password="aSlploJqcJZRB3DuhLjcy";
};
kafka-jaas.conf
Client {
org.apache.zookeeper.server.auth.DigestLoginModule required
username="super"
password="aSlploJqcJZRB3DuhLjcy";
};
zookeeper.properties
# Enable Digest authentication for ZooKeeper
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
#jaasLoginRenew=3600000
java.security.auth.login.config=/dicom-kafka-oci/config/zookeeper-jaas.conf
zookeeper.maintain_connection_despite_sasl_failure=yes
server.properties
zookeeper.maintain_connection_despite_sasl_failure=yes
zookeeper.sasl.mechanism=DIGEST-MD5
export KAFKA_OPTS='-Djava.security.auth.login.config=/dicom-kafka-oci/config/kafka-jaas.conf.conf'
Error
Fatal error during KafkaServer startup. Prepare to shutdown:
org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /consumers
at org.apache.zookeeper.KeeperException.create(KeeperException.java:130)
at org.apache.zookeeper.KeeperException.create(KeeperException.java:54)
at kafka.zookeeper.AsyncResponse.maybeThrow(ZooKeeperClient.scala:570)
at kafka.zk.KafkaZkClient.createRecursive(KafkaZkClient.scala:1883)
at kafka.zk.KafkaZkClient.makeSurePersistentPathExists(KafkaZkClient.scala:1781)
at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1(KafkaZkClient.scala:1773)
at kafka.zk.KafkaZkClient.$anonfun$createTopLevelPaths$1$adapted(KafkaZkClient.scala:1773)
at scala.collection.immutable.List.foreach(List.scala:431)
at kafka.zk.KafkaZkClient.createTopLevelPaths(KafkaZkClient.scala:1773)
at kafka.server.KafkaServer.initZkClient(KafkaServer.scala:658)
at kafka.server.KafkaServer.startup(KafkaServer.scala:222)
at kafka.Kafka$.main(Kafka.scala:113)
at kafka.Kafka.main(Kafka.scala)
2025-02-07 08:15:38.693Z
dis-kafka
[ZooKeeperClient Kafka server] Auth failed, initialized=true connectionState=AUTH_FAILED
2025-02-07 08:15:38.690Z
dis-kafka
SASL authentication failed using login context 'Client'.:
javax.security.sasl.SaslException: Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.
at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:310)
at org.apache.zookeeper.client.ZooKeeperSaslClient.respondToServer(ZooKeeperSaslClient.java:270)
at org.apache.zookeeper.ClientCnxn$SendThread.readResponse(ClientCnxn.java:936)
at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientHandler.channelRead0(ClientCnxnSocketNetty.java:517)
at org.apache.zookeeper.ClientCnxnSocketNetty$ZKClientHandler.channelRead0(ClientCnxnSocketNetty.java:472)
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1503)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1366)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1415)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:842)
2025-02-07 08:15:38.684Z
dis-kafka
cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.
I followed this Confluence page for setting up Digest authentication.
+mutual+authentication
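
An added example, not part of the original post: a Python preflight check that parses the two JAAS files, confirms the `Client` login matches a `user_<name>` entry in the `Server` section, and confirms that the file named in `-Djava.security.auth.login.config` exists on disk. The sample file contents are constructed (the secret is a placeholder) and the function names are hypothetical.

```python
import os
import re

# Constructed samples in the same layout as the post; the secret is a placeholder.
SERVER_JAAS = """Server {
  org.apache.zookeeper.server.auth.DigestLoginModule required
  user_super="example-secret";
};"""
CLIENT_JAAS = """Client {
  org.apache.zookeeper.server.auth.DigestLoginModule required
  username="super"
  password="example-secret";
};"""

def parse_jaas(text):
    """Return {section: {option: value}} for every 'Name { ... };' block."""
    sections = {}
    for name, body in re.findall(r"(\w+)\s*\{(.*?)\}\s*;", text, re.S):
        sections[name] = dict(re.findall(r'([\w.]+)\s*=\s*"([^"]*)"', body))
    return sections

def jaas_path_from_opts(opts):
    """Extract the JAAS file path from a JVM options string such as KAFKA_OPTS."""
    m = re.search(r"-Djava\.security\.auth\.login\.config=([^\s'\"]+)", opts)
    return m.group(1) if m else None

def check_digest_pair(server_text, client_text):
    """List mismatches between the Server user_<name> entries and the Client login."""
    server = parse_jaas(server_text).get("Server")
    client = parse_jaas(client_text).get("Client")
    if server is None or client is None:
        return ["missing Server or Client section"]
    user = client.get("username")
    if f"user_{user}" not in server:
        return [f"Server section has no user_{user} entry"]
    if server[f"user_{user}"] != client.get("password"):
        return [f"password for {user} differs between the two files"]
    return []

def check_opts(opts, exists=os.path.isfile):
    """Confirm the options string names a JAAS file that is actually on disk."""
    path = jaas_path_from_opts(opts)
    if path is None:
        return ["no -Djava.security.auth.login.config in options"]
    return [] if exists(path) else [f"JAAS file not found: {path}"]

if __name__ == "__main__":
    print(check_digest_pair(SERVER_JAAS, CLIENT_JAAS))
```

Run `check_opts` with the exact options string each JVM is started with, on the host where that JVM runs, so the path is resolved in the same filesystem.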