👍 I defined a 1-second requirement that applies to the second and subsequent re-authentications. So the first re-authentication can happen immediately after authentication if desired, but the second re-authentication must then happen at least 1 second later (and so on), otherwise the SASL handshake is passed through without beginning the re-authentication process (and that would mean the connection is closed, which also results in the client experience the newly-implemented DDoS delay). There are two reasons I set it for the second re-auth. One is is because `SaslAuthenticatorTest` would end up running longer if we had to set the interval that much longer. The other is that we don't have a time value that we can use to set the start time until `KafkaChannel.maybeBeginServerReauthentication()` is invoked. I think this is reasonable -- is it okay with you?
[ Full content available at: https://github.com/apache/kafka/pull/5582 ] This message was relayed via gitbox.apache.org for [email protected]
