On the broker-side, I think we need a minimum re-authentication interval as well to restrict the rate at which clients re-authenticate. This is particularly important since we dont apply any quotas for authentication. Without imposing a re-authentication rate limit, a client that enters a re-authentication loop (due to a bug or intentionally) would effectively stop the broker from doing anything useful.
[ Full content available at: https://github.com/apache/kafka/pull/5582 ] This message was relayed via gitbox.apache.org for [email protected]
