[jira] [Commented] (KAFKA-9577) Client encountering SASL_HANDSHAKE protocol version errors on 2.5 / trunk

Fri, 21 Feb 2020 21:50:50 -0800 


    [ 
https://issues.apache.org/jira/browse/KAFKA-9577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17042380#comment-17042380
 ] 

ASF GitHub Bot commented on KAFKA-9577:
---------------------------------------

hachikuji commented on pull request #8142: KAFKA-9577: SaslClientAuthenticator 
incorrectly negotiates SASL_HANDSHAKE version
URL: https://github.com/apache/kafka/pull/8142
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Client encountering SASL_HANDSHAKE protocol version errors on 2.5 / trunk
> -------------------------------------------------------------------------
>
>                 Key: KAFKA-9577
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9577
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.5.0
>            Reporter: Lucas Bradstreet
>            Assignee: Lucas Bradstreet
>            Priority: Blocker
>             Fix For: 2.5.0
>
>
> I am trying 2.5.0 with sasl turned on and my consumer and producer clients 
> receive:
> {noformat}
> org.apache.kafka.common.errors.UnsupportedVersionException: The 
> SASL_HANDSHAKE protocol does not support version 2
> {noformat}
> I believe this is due to 
> [https://github.com/apache/kafka/commit/0a2569e2b9907a1217dd50ccbc320f8ad0b42fd0]
>  which added flexible version support and bumped the protocol version.
> It appears that the SaslClientAuthenticator uses the max version for 
> SASL_HANDSHAKE received in the broker's AP_VERSIONS response, and then uses 
> that version even though it may not support it. See 
> [https://github.com/apache/kafka/blob/eb09efa9ac79efa484307bdcf03ac8eb8a3a94e2/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslClientAuthenticator.java#L290].
>  
> This may make it hard to ever evolve this schema. In the short term I suggest 
> we roll back the version bump and flexible schema until we figure out a path 
> forward.
> It appears that this may not have been a problem in the past because the 
> schema versions were the same and maybe we didn't validate the version number 
> [https://github.com/apache/kafka/commit/0cf7708007b01faac5012d939f3c50db274f858d#diff-7f65552a2e23aa7028500f8db06cbb30R47]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to