Description
At the moment, broker closes the client connection if SASL authentication fails. Clients see this as a connection failure and do not get any feedback for the reason why the connection was closed. Producers and consumers retry, attempting to create successful connections, treating authentication failures as transient failures. There are no log entries on the client-side which indicate that any of these connection failures were due to authentication failure.
This JIRA will aim to improve diagnosis of authentication failures with the changes described in KIP-152.
This JIRA also does not change handling of SSL authentication failures. javax.net.debug provides sufficient diagnostics for this case. SSL changes are harder to do while preserving backward compatibility.
Attachments
Issue Links
- blocks
-
KAFKA-5854 Handle SASL authentication failures as non-retriable exceptions in clients
-
- Resolved
-
- duplicates
-
KAFKA-5910 Kafka 0.11.0.1 Kafka consumer/producers retries in infinite loop when wrong SASL creds are passed
-
- Resolved
-
-
KAFKA-5015 SASL/SCRAM authentication failures are hidden
-
- Resolved
-
- links to
- mentioned in
-
Page Loading...