Hi, I created a KIP that proposes we add a broker configuration to delay responses to failed client authentication. This will help prevent DoS-like situations because of a misconfigured application trying to connect with incorrect or stale credentials over and over again.
Link to the KIP: https://cwiki.apache.org/confluence/display/KAFKA/KIP-306%3A+Configuration+for+Delaying+Response+to+Failed+Client+Authentication Because this is a fairly short and straightforward KIP, I will start a vote tomorrow if there are no major objections. Suggestions and feedback are welcome! Thanks, Dhruvil
