kafka-dev mailing list archives

From "Rajini Sivaram (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KAFKA-6004) Enable custom authentication plugins to return error messages to clients
Date Mon, 02 Oct 2017 20:59:00 GMT
Rajini Sivaram created KAFKA-6004:
-------------------------------------

             Summary: Enable custom authentication plugins to return error messages to clients
                 Key: KAFKA-6004
                 URL: https://issues.apache.org/jira/browse/KAFKA-6004
             Project: Kafka
          Issue Type: Improvement
          Components: security
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram
             Fix For: 1.0.1


KIP-152 enables authentication failures to be returned to clients to simplify diagnosis of
security configuration issues. At the moment, a fixed message is returned to clients by SaslServerAuthenticator
which says "Authentication failed due to invalid credentials with SASL mechanism $mechanism".

We have added an error message string to SaslAuthenticateResponse to return custom messages
from the broker to clients. Custom SASL server implementations may want to return more specific
error messages in some cases. We should allow this by returning error messages from specific
exceptions (e.g. org.apache.kafka.common.errors.AuthenticationException) in SaslAuthenticateResponse.
It would be better not to return the error message from SaslException since it may contain
information that we do not want to leak to clients.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
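
The rule proposed in the message above, sketched as an added example (not code from the original message or from the Kafka code base). `ClientVisibleAuthException` is a hypothetical stand-in for `org.apache.kafka.common.errors.AuthenticationException`, while `TokenEvaluator`, the mechanism name `CUSTOM` and the failure texts are constructed for illustration.

```java
import javax.security.sasl.SaslException;

public class AuthErrorMessageDemo {

    // Hypothetical stand-in for org.apache.kafka.common.errors.AuthenticationException:
    // a plugin throws it only with text it has deliberately chosen to show the client.
    static class ClientVisibleAuthException extends RuntimeException {
        ClientVisibleAuthException(String message) { super(message); }
    }

    // Hypothetical plugin hook; a real plugin would implement javax.security.sasl.SaslServer.
    interface TokenEvaluator {
        byte[] evaluate(byte[] response) throws SaslException;
    }

    // The fixed message quoted in the issue description.
    static String fixedMessage(String mechanism) {
        return "Authentication failed due to invalid credentials with SASL mechanism " + mechanism;
    }

    // Returns the error string to place in the authenticate response, or null on success.
    static String errorMessageFor(TokenEvaluator server, String mechanism, byte[] token) {
        try {
            server.evaluate(token);
            return null;
        } catch (ClientVisibleAuthException e) {
            // The plugin opted in: its message is passed through to the client.
            return e.getMessage();
        } catch (SaslException e) {
            // May name hosts, accounts or library internals: keep the detail in the
            // broker log and send the client the fixed text only.
            System.err.println("broker log: SASL failure: " + e.getMessage());
            return fixedMessage(mechanism);
        }
    }

    public static void main(String[] args) {
        // Constructed failure cases.
        TokenEvaluator expired = r -> {
            throw new ClientVisibleAuthException("Token expired, request a new one");
        };
        TokenEvaluator backendDown = r -> {
            throw new SaslException("bind to ldap://ldap.internal.example:389 failed for cn=svc-kafka");
        };
        byte[] token = new byte[0];
        System.out.println("client sees: " + errorMessageFor(expired, "CUSTOM", token));
        System.out.println("client sees: " + errorMessageFor(backendDown, "CUSTOM", token));
    }
}
```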
