Hi Sourav,

Can you check if https://github.com/apache/kafka/pull/13211 can help
to handle your scenario?

Thanks

On Sun, Feb 5, 2023 at 6:23 AM Sourav Biswas
<sourav_biswa...@yahoo.com.invalid> wrote:
>
> Hello Kafka Dev,
> Issue:Say, I need to configure multiple client (consumer/producer) listening 
> and publishing to different cluster inside same application (Same JVM). Both 
> cluster uses
> - sasl.mechanism = GSSAPI- security.porotocol = SASL_PLAINTEXT
>
> But, different 'sasl.kerberos.service.name'.
>
> Now, considering the above configuration, the client will create a KafkaChannel using
> SaslChannelBuilder, which uses a LoginManager.
> https://github.com/apache/kafka/blob/4a7fedd46a7fc1eff5411a0f4329781c9474f8e8/clients/src/main/java/org/apache/kafka/common/network/SaslChannelBuilder.java#L170
> For this case, it should create multiple LoginManagers for each cluster, but it
> is creating only one. Because of this, authentication is failing for all
> clusters except one.
>
> Reason:
> A static Map of login managers is maintained, with key of LoginMetadata
>        STATIC_INSTANCES.put(loginMetadata, loginManager);
>
> - https://github.com/apache/kafka/blob/4a7fedd46a7fc1eff5411a0f4329781c9474f8e8/clients/src/main/java/org/apache/kafka/common/security/authenticator/LoginManager.java#L109
> - https://github.com/apache/kafka/blob/4a7fedd46a7fc1eff5411a0f4329781c9474f8e8/clients/src/main/java/org/apache/kafka/common/security/authenticator/LoginManager.java#L113
>
> LoginMetadata only considers the following fields to maintain its uniqueness.
>         final T configInfo; // "KafkaClient"; Same for all clusters
>         final Class<? extends Login> loginClass; // Same for all clusters
>         final Class<? extends AuthenticateCallbackHandler> loginCallbackClass; // Same for all clusters
>
>
> Possible fix: Need to consider more fields
> (sasl.kerberos.service.name/client.id/something-else) to maintain more granular
> uniqueness.
>
> Note: If you feel it's a bug, then I can raise a PR if I get a Jira. Please
> share your thoughts.
> ~ Sourav
>
>
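
A simplified model of the cache-key collision described in the quoted message, added here as an illustration; it is not Kafka's code and not part of either e-mail. The class and record names and the service names `kafka-a` and `kafka-b` are constructed, and the wider key is only one hypothetical way to make entries distinct.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of a static login cache; not Kafka's LoginManager code.
public class LoginCacheDemo {
    // Key built from only the three fields listed in the post.
    record NarrowKey(String configInfo, Class<?> loginClass, Class<?> callbackClass) {}

    // Hypothetical wider key: also carries the Kerberos service name.
    record WideKey(String configInfo, Class<?> loginClass, Class<?> callbackClass,
                   String serviceName) {}

    // Stand-in for a cached login; remembers the service name it was built for.
    record Login(String serviceName) {}

    static final Map<Object, Login> CACHE = new HashMap<>();

    static Login acquire(Object key, String serviceName) {
        // Like a static instance map: the first caller creates, later callers reuse.
        return CACHE.computeIfAbsent(key, k -> new Login(serviceName));
    }

    public static void main(String[] args) {
        // Constructed sample values for two clusters used from one JVM.
        String[] services = {"kafka-a", "kafka-b"};

        // Object.class stands in for the login and callback handler classes.
        for (String s : services) {
            Login l = acquire(new NarrowKey("KafkaClient", Object.class, Object.class), s);
            System.out.printf("narrow key: wanted=%s got=%s%n", s, l.serviceName());
        }

        CACHE.clear();
        for (String s : services) {
            Login l = acquire(new WideKey("KafkaClient", Object.class, Object.class, s), s);
            System.out.printf("wide key:   wanted=%s got=%s%n", s, l.serviceName());
        }
    }
}
```

With the narrow key, the second client is handed the login created for the first cluster; with the wider key each client gets its own entry.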
