Kafka / KAFKA-9241

SASL Clients are not forced to re-authenticate if they don't leverage SaslAuthenticateRequest


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0, 2.3.0, 2.2.1, 2.4.0
    • Fix Version/s: 2.5.0
    • Component/s: clients

    Description

      Brokers are supposed to force SASL clients to re-authenticate (and kill such connections in the absence of a timely and successful re-authentication) when SASL Re-Authentication (KIP-368) is enabled via a positive `connections.max.reauth.ms` configuration value. There is a flaw in the logic that causes connections to not be killed in the absence of a timely and successful re-authentication if the client does not leverage the SaslAuthenticateRequest API (which was defined in KIP-152).
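An added example, not code from the Kafka project or from this issue: a small audit that flags a broker configuration relying on `connections.max.reauth.ms` while running one of the affected versions listed above. It assumes the broker version is supplied as `x.y.z`, that the key may also appear in the listener/mechanism-prefixed form KIP-368 allows, and uses a constructed sample `server.properties`; all function names are hypothetical.

```python
# Added example: audit a broker config against KAFKA-9241 (not Kafka project code).
AFFECTED = {"2.2.0", "2.2.1", "2.3.0", "2.4.0"}   # "Affects Version/s" on this issue
FIXED_IN = (2, 5, 0)                               # "Fix Version/s" on this issue
REAUTH_KEY = "connections.max.reauth.ms"


def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def reauth_settings(props):
    """Return {key: ms} for the global key and listener/mechanism-prefixed forms."""
    found = {}
    for key, value in props.items():
        if key == REAUTH_KEY or key.endswith("." + REAUTH_KEY):
            try:
                found[key] = int(value)
            except ValueError:
                found[key] = None  # unparseable value: report it rather than guess
    return found


def assess(broker_version, properties_text):
    """'exposed' = re-auth is configured, but on this version connections from
    clients that do not use SaslAuthenticateRequest are not killed on expiry."""
    settings = reauth_settings(parse_properties(properties_text))
    enabled = sorted(k for k, v in settings.items() if v is not None and v > 0)
    if not enabled:
        return "reauth-disabled", enabled
    if broker_version in AFFECTED:
        return "exposed", enabled
    if tuple(int(p) for p in broker_version.split(".")[:3]) >= FIXED_IN:
        return "fixed", enabled
    return "not-listed", enabled  # version not named on this issue: verify manually


SAMPLE = """\
# constructed sample server.properties
listeners=SASL_SSL://0.0.0.0:9093
listener.name.sasl_ssl.oauthbearer.connections.max.reauth.ms=3600000
"""
```

A result of `exposed` means the configured re-authentication interval should not be treated as a hard session limit until the broker runs the fix version.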

            People

              rndgstn Ron Dagostino
              rndgstn Ron Dagostino
              Rajini Sivaram Rajini Sivaram