Ron Dagostino created KAFKA-9241:
------------------------------------

             Summary: SASL Clients are not forced to re-authenticate if they don't leverage SaslAuthenticateRequest
                 Key: KAFKA-9241
                 URL: https://issues.apache.org/jira/browse/KAFKA-9241
             Project: Kafka
          Issue Type: Bug
          Components: clients
    Affects Versions: 2.2.1, 2.3.0, 2.2.0
            Reporter: Ron Dagostino
            Assignee: Ron Dagostino


Brokers are supposed to force SASL clients to re-authenticate (and kill such 
connections in the absence of a timely and successful re-authentication) when 
SASL Re-Authentication 
[(KIP-368)|https://cwiki.apache.org/confluence/display/KAFKA/KIP-368%3A+Allow+SASL+Connections+to+Periodically+Re-Authenticate]
  is enabled via a positive `connections.max.reauth.ms` configuration value.  
There is a flaw in the logic that causes connections to not be killed in the 
absence of a timely and successful re-authentication _if the client does not 
leverage the SaslAuthenticateRequest API_ (which was defined in 
[KIP-152|https://cwiki.apache.org/confluence/display/KAFKA/KIP-152+-+Improve+diagnostics+for+SASL+authentication+failures]).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
