You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "AndrewDi (Jira)" <ji...@apache.org> on 2021/08/27 10:06:00 UTC
[jira] [Created] (KAFKA-13241) Name resolution should be disabled
during SASL authentication
AndrewDi created KAFKA-13241:
--------------------------------
Summary: Name resolution should be disabled during SASL authentication
Key: KAFKA-13241
URL: https://issues.apache.org/jira/browse/KAFKA-13241
Project: Kafka
Issue Type: Bug
Components: network
Affects Versions: 2.8.0
Environment: Redhat linux
Reporter: AndrewDi
{code:java}
LoginManager loginManager = loginManagers.get(clientSaslMechanism);
authenticatorCreator = () -> buildClientAuthenticator(configs,
saslCallbackHandlers.get(clientSaslMechanism),
id,
socket.getInetAddress().getHostName(),
loginManager.serviceName(),
transportLayer,
subjects.get(clientSaslMechanism));{code}
When using SASL authentication, kafka will always try to do hostname resolution when build client authenticator, this is unnecessary, if we use ip to connect to kafka server, and didn't config kafka server hostname resolution, kafka client will suck here for about 10s, and then timeout with java.net.UnknownHostException but client can auth success anyway.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)