You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Rajini Sivaram (Jira)" <ji...@apache.org> on 2021/05/05 15:40:00 UTC

[jira] [Updated] (KAFKA-12730) A single Kerberos login failure fails all future connections from Java 9 onwards

     [ https://issues.apache.org/jira/browse/KAFKA-12730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajini Sivaram updated KAFKA-12730:
-----------------------------------
    Fix Version/s: 2.8.1
                   2.7.2
                   2.6.3
                   2.5.2

> A single Kerberos login failure fails all future connections from Java 9 onwards
> --------------------------------------------------------------------------------
>
>                 Key: KAFKA-12730
>                 URL: https://issues.apache.org/jira/browse/KAFKA-12730
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 3.0.0, 2.5.2, 2.6.3, 2.7.2, 2.8.1
>
>
> The refresh thread for Kerberos performs re-login by logging out and then logging in again. If login fails, we retry after a backoff. Every iteration of the loop performs loginContext.logout() and loginContext.login(). If login fails, we end up with two consecutive logouts. This used to work, but from Java 9 onwards, this results in a NullPointerException due to https://bugs.openjdk.java.net/browse/JDK-8173069. We should check if logout is required before attempting logout.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)