You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Jason Gustafson (Jira)" <ji...@apache.org> on 2020/02/20 05:56:00 UTC

[jira] [Assigned] (KAFKA-9577) Client encountering SASL_HANDSHAKE protocol version errors on 2.5 / trunk

     [ https://issues.apache.org/jira/browse/KAFKA-9577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Gustafson reassigned KAFKA-9577:
--------------------------------------

    Assignee: Lucas Bradstreet

> Client encountering SASL_HANDSHAKE protocol version errors on 2.5 / trunk
> -------------------------------------------------------------------------
>
>                 Key: KAFKA-9577
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9577
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.5.0
>            Reporter: Lucas Bradstreet
>            Assignee: Lucas Bradstreet
>            Priority: Blocker
>             Fix For: 2.5.0
>
>
> I am trying 2.5.0 with sasl turned on and my consumer and producer clients receive:
> {noformat}
> org.apache.kafka.common.errors.UnsupportedVersionException: The SASL_HANDSHAKE protocol does not support version 2
> {noformat}
> I believe this is due to [https://github.com/apache/kafka/commit/0a2569e2b9907a1217dd50ccbc320f8ad0b42fd0] which added flexible version support and bumped the protocol version.
> It appears that the SaslClientAuthenticator uses the max version for SASL_HANDSHAKE received in the broker's AP_VERSIONS response, and then uses that version even though it may not support it. See [https://github.com/apache/kafka/blob/eb09efa9ac79efa484307bdcf03ac8eb8a3a94e2/clients/src/main/java/org/apache/kafka/common/security/authenticator/SaslClientAuthenticator.java#L290]. 
> This may make it hard to ever evolve this schema. In the short term I suggest we roll back the version bump and flexible schema until we figure out a path forward.
> It appears that this may not have been a problem in the past because the schema versions were the same and maybe we didn't validate the version number [https://github.com/apache/kafka/commit/0cf7708007b01faac5012d939f3c50db274f858d#diff-7f65552a2e23aa7028500f8db06cbb30R47]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)