You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Randall Hauch (Jira)" <ji...@apache.org> on 2020/06/24 20:04:02 UTC

[jira] [Updated] (KAFKA-9497) Brokers start up even if SASL provider is not loaded and throw NPE when clients connect

     [ https://issues.apache.org/jira/browse/KAFKA-9497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Randall Hauch updated KAFKA-9497:
---------------------------------
    Fix Version/s:     (was: 2.6.0)
                   2.7.0

Since this is not a blocker issue, as part of the 2.6.0 release process I'm changing the fix version to `2.7.0`. If this is incorrect, please respond and discuss on the "[DISCUSS] Apache Kafka 2.6.0 release" discussion mailing list thread.

> Brokers start up even if SASL provider is not loaded and throw NPE when clients connect
> ---------------------------------------------------------------------------------------
>
>                 Key: KAFKA-9497
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9497
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.10.2.2, 0.11.0.3, 1.1.1, 2.4.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.7.0
>
>
> Note: This is not a regression, this has been the behaviour since SASL was first implemented in Kafka.
>  
> Sasl.createSaslServer and Sasl.createSaslClient may return null if a SASL provider that works for the specified configs cannot be created. We don't currently handle this case. As a result broker/client throws NullPointerException if a provider has not been loaded. On the broker-side, we allow brokers to start up successfully even if SASL provider for its enabled mechanisms are not found. For SASL mechanisms PLAIN/SCRAM-xx/OAUTHBEARER, the login module in Kafka loads the SASL providers. If the login module is incorrectly configured, brokers startup and then fail client connections when hitting NPE. Clients see disconnections during authentication as a result. It is difficult to tell from the client or broker logs why the failure occurred. We should fail during startup if SASL providers are not found and provide better diagnostics for this case.
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)