You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "AndrewDi (Jira)" <ji...@apache.org> on 2021/08/27 10:06:00 UTC

[jira] [Created] (KAFKA-13241) Name resolution should be disabled during SASL authentication

AndrewDi created KAFKA-13241:
--------------------------------

             Summary: Name resolution should be disabled during SASL authentication
                 Key: KAFKA-13241
                 URL: https://issues.apache.org/jira/browse/KAFKA-13241
             Project: Kafka
          Issue Type: Bug
          Components: network
    Affects Versions: 2.8.0
         Environment: Redhat linux
            Reporter: AndrewDi


{code:java}
 LoginManager loginManager = loginManagers.get(clientSaslMechanism);
                authenticatorCreator = () -> buildClientAuthenticator(configs,
                        saslCallbackHandlers.get(clientSaslMechanism),
                        id,
                        socket.getInetAddress().getHostName(),
                        loginManager.serviceName(),
                        transportLayer,
                        subjects.get(clientSaslMechanism));{code}
When using SASL authentication, kafka will always try to do hostname resolution when build client authenticator, this is unnecessary, if we use ip to connect to kafka server, and didn't config kafka server hostname resolution, kafka client will suck here for about 10s, and then timeout with java.net.UnknownHostException but client can auth success anyway.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)