David Mollitor created KAFKA-10612:
--------------------------------------
Summary: Log When SSL Authentication is in Unexpected State
Key: KAFKA-10612
URL: https://issues.apache.org/jira/browse/KAFKA-10612
Project: Kafka
Issue Type: Improvement
Reporter: David Mollitor
Recently got into some deep troubleshooting of Kafka SSL client authentication.
I was looking at a lot of SSL debug logging and seeing that the client was
correctly passing its client credentials but the client would not authorize
correctly with Apache Sentry.
I finally discovered that the issue was simply that {{ssl.client.auth}} was set
to {{none}}. D'oh.
It would have been helpful to get some broker logging indicating that the
client is doing SSL authentication but that none is required by the server. I
doubt many environments would bother setting it up if it wasn't going to be
used.
https://kafka.apache.org/documentation/#ssl.client.auth
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
