KAFKA-9241

SASL Clients are not forced to re-authenticate if they don't leverage SaslAuthenticateRequest

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0, 2.3.0, 2.2.1, 2.4.0
    • Fix Version/s: 2.5.0
    • Component/s: clients

      Description

      Brokers are supposed to force SASL clients to re-authenticate (and kill such connections in the absence of a timely and successful re-authentication) when SASL Re-Authentication (KIP-368) is enabled via a positive `connections.max.reauth.ms` configuration value. There is a flaw in the logic that causes connections to not be killed in the absence of a timely and successful re-authentication if the client does not leverage the SaslAuthenticateRequest API (which was defined in KIP-152).
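An added example, not part of the original issue or the Kafka code base: a small audit that reads a broker's `server.properties` and lists the scopes where a positive `connections.max.reauth.ms` is set on a version this issue lists as affected, meaning connection termination cannot be relied on for clients that do not use SaslAuthenticateRequest. The function names and the sample configuration are constructed for illustration; the listener- and mechanism-prefixed key form is the one described in Kafka's broker configuration documentation.

```python
import re

# Versions taken from this issue's "Affects Version/s" field.
AFFECTED_VERSIONS = {"2.2.0", "2.2.1", "2.3.0", "2.4.0"}
REAUTH_KEY = "connections.max.reauth.ms"
# Optional prefixed form: listener.name.<listener>.<mechanism>.connections.max.reauth.ms
PREFIXED = re.compile(r"^listener\.name\.([^.]+)\.([^.]+)\." + re.escape(REAUTH_KEY) + r"$")

def parse_properties(text):
    """Parse the key=value subset of a Java .properties file (no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def reauth_scopes(props):
    """Return {scope: milliseconds} for every scope where re-authentication is enabled (> 0)."""
    scopes = {}
    for key, value in props.items():
        match = PREFIXED.match(key)
        if key != REAUTH_KEY and not match:
            continue
        try:
            ms = int(value)
        except ValueError:
            continue  # unparsable value: skipped in this example
        if ms > 0:
            scope = "broker-wide" if key == REAUTH_KEY else "%s/%s" % match.groups()
            scopes[scope] = ms
    return scopes

def audit(properties_text, broker_version):
    """List scopes that rely on re-authentication on a version this issue lists as affected."""
    scopes = reauth_scopes(parse_properties(properties_text))
    if broker_version not in AFFECTED_VERSIONS:
        return []
    return sorted(scopes)

# Constructed sample configuration, not taken from a real cluster.
SAMPLE = """
# broker-wide default: re-authentication disabled
connections.max.reauth.ms=0
listener.name.sasl_ssl.oauthbearer.connections.max.reauth.ms=3600000
listener.name.internal.scram-sha-256.connections.max.reauth.ms = 0
"""
```

`audit(SAMPLE, "2.4.0")` returns `["sasl_ssl/oauthbearer"]`; the same configuration on 2.5.0, the fix version, returns an empty list.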

              People

              • Assignee: Ron Dagostino (rndgstn)
              • Reporter: Ron Dagostino (rndgstn)
              • Reviewer: Rajini Sivaram
              • Votes: 0
              • Watchers: 3
