Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-4764

Improve diagnostics for SASL authentication failures

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.10.2.0
    • Fix Version/s: 1.0.0
    • Component/s: security
    • Labels:
      None

      Description

      At the moment, broker closes the client connection if SASL authentication fails. Clients see this as a connection failure and do not get any feedback for the reason why the connection was closed. Producers and consumers retry, attempting to create successful connections, treating authentication failures as transient failures. There are no log entries on the client-side which indicate that any of these connection failures were due to authentication failure.

      This JIRA will aim to improve diagnosis of authentication failures with the changes described in KIP-152.

      This JIRA also does not change handling of SSL authentication failures. javax.net.debug provides sufficient diagnostics for this case. SSL changes are harder to do while preserving backward compatibility.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rsivaram Rajini Sivaram
                Reporter:
                rsivaram Rajini Sivaram
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: