You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Damian Guy (JIRA)" <ji...@apache.org> on 2018/02/01 11:58:08 UTC

[jira] [Updated] (KAFKA-5945) Improve handling of authentication failures when credentials are removed

     [ https://issues.apache.org/jira/browse/KAFKA-5945?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Damian Guy updated KAFKA-5945:
------------------------------
    Fix Version/s:     (was: 1.1.0)
                   1.2.0

> Improve handling of authentication failures when credentials are removed
> ------------------------------------------------------------------------
>
>                 Key: KAFKA-5945
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5945
>             Project: Kafka
>          Issue Type: Improvement
>          Components: clients
>    Affects Versions: 1.0.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 1.2.0
>
>
> KAFKA-5854 improves the handling of authentication failures. The scope of KAFKA-5854  was limited to a specific scenario - provide better feedback to applications when security is misconfigured. The PR improves diagnostics for this scenario by throwing an AuthenticationException and also avoids retries. To enable this, the first request initiated by any public API was updated to throw authentication exceptions.
> This JIRA is for a more extensive handling of authentication exceptions which also includes proper handling of credential updates at any time. If a credential is removed, then we could see authentication exception from any request and we want to propagate this properly. This needs quite extensive testing and is less likely to be hit by users, so it will be done later under this JIRA.
> The gaps that need covering are:
> 1. Ensure authentication failures are processed in the Network client for any request
> 2. Ensure metadata refresh failures are handled properly at any time
> 3. Heartbeat threads and other background threads should handle authentication failures. Threads should not terminate on failure, but should avoid retries until application performs a new operation.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)