[KAFKA-12730] A single Kerberos login failure fails all future connections from Java 9 onwards - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.2, 2.6.3, 2.7.2, 2.8.1, 3.0.0
Component/s: security
Labels:
None

Description

The refresh thread for Kerberos performs re-login by logging out and then logging in again. If login fails, we retry after a backoff. Every iteration of the loop performs loginContext.logout() and loginContext.login(). If login fails, we end up with two consecutive logouts. This used to work, but from Java 9 onwards, this results in a NullPointerException due to https://bugs.openjdk.java.net/browse/JDK-8173069. We should check if logout is required before attempting logout.

Attachments

Issue Links

links to

GitHub Pull Request #10611

Activity

People

Assignee:: Rajini Sivaram

Reporter:: Rajini Sivaram

Reviewer:: Manikumar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Apr/21 08:22

Updated:: 05/May/21 15:39

Resolved:: 29/Apr/21 14:45