Gérald Quintana created KAFKA-10615:
---------------------------------------
Summary: Authentication failure log detail
Key: KAFKA-10615
URL: https://issues.apache.org/jira/browse/KAFKA-10615
Project: Kafka
Issue Type: Improvement
Components: security
Affects Versions: 2.4.1
Reporter: Gérald Quintana
When using the PlainLoginModule and a client application provides a wrong
password, you get endless error logs saying:
{code:java}
[2020-10-15 07:00:05,263] INFO [SocketServer brokerId=4] Failed authentication
with myhost.mycompany.fr/192.168.35.194 (Authentication failed: Invalid
username or password) (org.apache.kafka.common.network.Selector)
[2020-10-15 07:00:06,400] INFO [SocketServer brokerId=4] Failed authentication
with myhost.mycompany.fr/192.168.35.194 (Authentication failed: Invalid
username or password) (org.apache.kafka.common.network.Selector){code}
When this client is running in Kubernetes, the hostname and IP have no meaning
because they represent the Kubernetes host. So it's very hard for us to find
the misconfigured application.
I'd like to have the username in the error message so as to make it easier to
find the source of the error.
From a security point of view it may be interesting to know that a given user
is used to brute force a password or may have been pwned.
It seems easy to do it in
[https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/security/plain/internals/PlainSaslServer.java#L107]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
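As an added defender-side example (not from the issue or the Kafka project), a small Python parser for broker lines in the format quoted above, grouping failures by source IP and, where present, username, and flagging sources that repeat inside a short window. The `for user <name>` wording in the last sample line is an assumption about how a username could be appended to the message; the hostnames, IPs and user name are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed broker log excerpt in the format quoted in the issue (host, IP and user
# are made up). The last line assumes a hypothetical wording that appends the username.
SAMPLE_LOG = """\
[2020-10-15 07:00:05,263] INFO [SocketServer brokerId=4] Failed authentication with myhost.mycompany.fr/192.168.35.194 (Authentication failed: Invalid username or password) (org.apache.kafka.common.network.Selector)
[2020-10-15 07:00:06,400] INFO [SocketServer brokerId=4] Failed authentication with myhost.mycompany.fr/192.168.35.194 (Authentication failed: Invalid username or password) (org.apache.kafka.common.network.Selector)
[2020-10-15 07:00:07,120] INFO [SocketServer brokerId=4] Failed authentication with myhost.mycompany.fr/192.168.35.194 (Authentication failed: Invalid username or password) (org.apache.kafka.common.network.Selector)
[2020-10-15 07:00:08,900] INFO [SocketServer brokerId=4] Failed authentication with myhost.mycompany.fr/192.168.35.194 (Authentication failed: Invalid username or password for user app-billing) (org.apache.kafka.common.network.Selector)
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\] INFO "
    r"\[SocketServer brokerId=(?P<broker>\d+)\] Failed authentication with "
    r"(?P<host>[^/\s]+)/(?P<ip>[\d.]+) \(Authentication failed: (?P<reason>[^)]*)\)"
)
USER_RE = re.compile(r"for user (?P<user>\S+)$")  # hypothetical suffix, see lead-in

def parse_failures(text):
    """Return one dict per 'Failed authentication' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S,%f")
        u = USER_RE.search(ev["reason"])
        ev["user"] = u.group("user") if u else None  # None: broker did not log it
        events.append(ev)
    return events

def burst_sources(events, window=timedelta(seconds=60), threshold=3):
    """Map (ip, user) -> max failures inside any `window`, for keys reaching threshold."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["ip"], ev["user"])].append(ev["ts"])
    flagged = {}
    for key, times in by_key.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged
```

Without the username, every failure from a shared Kubernetes node collapses into the same `(ip, None)` key, which is exactly the attribution gap the issue describes.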