kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-4764) Improve diagnostics for SASL authentication failures
Date Wed, 04 Oct 2017 13:00:08 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-4764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16191209#comment-16191209

ASF GitHub Bot commented on KAFKA-4764:

GitHub user rajinisivaram opened a pull request:


    KAFKA-4764: Upgrade notes for authentication failure handling (KIP-152)


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/rajinisivaram/kafka MINOR-upgrade-auth-failure

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #4013
commit 6e4630515162aa058a2856f1efd4118a0f834c3f
Author: Rajini Sivaram <rajinisivaram@googlemail.com>
Date:   2017-10-04T11:51:25Z

    KAFKA-4764: Upgrade notes for authentication failure handling (KIP-152)


> Improve diagnostics for SASL authentication failures
> ----------------------------------------------------
>                 Key: KAFKA-4764
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4764
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions:
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>             Fix For: 1.0.0
> At the moment, broker closes the client connection if SASL authentication fails. Clients
see this as a connection failure and do not get any feedback for the reason why the connection
was closed. Producers and consumers retry, attempting to create successful connections, treating
authentication failures as transient failures. There are no log entries on the client-side
which indicate that any of these connection failures were due to authentication failure.
> This JIRA will aim to improve diagnosis of authentication failures with the changes described
in [KIP-152|https://cwiki.apache.org/confluence/display/KAFKA/KIP-152+-+Improve+diagnostics+for+SASL+authentication+failures].
> This JIRA also does not change handling of SSL authentication failures. javax.net.debug
provides sufficient diagnostics for this case. SSL changes are harder to do while preserving
backward compatibility.

This message was sent by Atlassian JIRA

View raw message