Rajini Sivaram created KAFKA-6004:
-------------------------------------

             Summary: Enable custom authentication plugins to return error messages to clients
                 Key: KAFKA-6004
                 URL: https://issues.apache.org/jira/browse/KAFKA-6004
             Project: Kafka
          Issue Type: Improvement
          Components: security
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram
             Fix For: 1.0.1


KIP-152 enables authentication failures to be returned to clients to simplify 
diagnosis of security configuration issues. At the moment, a fixed message is 
returned to clients by SaslServerAuthenticator which says "Authentication 
failed due to invalid credentials with SASL mechanism $mechanism".

We have added an error message string to SaslAuthenticateResponse to return 
custom messages from the broker to clients. Custom SASL server implementations 
may want to return more specific error messages in some cases. We should allow 
this by returning error messages from specific exceptions (e.g. 
org.apache.kafka.common.errors.AuthenticationException) in 
SaslAuthenticateResponse. It would be better not to return the error message 
from SaslException since it may contain information that we do not want to leak 
to clients.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
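
The mapping proposed in the issue, as an added example that is not Kafka's code or part of the original message: a custom exception's message is passed to the client, while a SaslException is answered with the fixed message. The nested AuthenticationException is a local stand-in for org.apache.kafka.common.errors.AuthenticationException; CredentialCheck, clientErrorMessage, the user names and the error texts are hypothetical.

```java
import javax.security.sasl.SaslException;

public class AuthErrorMessageDemo {
    // Local stand-in (assumption) so the example compiles without Kafka on the classpath.
    static class AuthenticationException extends RuntimeException {
        AuthenticationException(String message) { super(message); }
    }

    // Hypothetical shape of a custom SASL server plugin's credential check.
    interface CredentialCheck {
        void evaluate(String user) throws SaslException;
    }

    // Returns the error string that would go into the response sent to the client,
    // or null when authentication succeeds.
    static String clientErrorMessage(String mechanism, CredentialCheck check, String user) {
        try {
            check.evaluate(user);
            return null;
        } catch (AuthenticationException e) {
            // The plugin author chose this text for the client, so pass it through.
            return e.getMessage();
        } catch (SaslException e) {
            // May carry internal detail: keep it in the broker log, send the fixed text.
            System.err.println("broker log: " + e.getMessage());
            return "Authentication failed due to invalid credentials with SASL mechanism "
                    + mechanism;
        }
    }

    public static void main(String[] args) {
        // Constructed plugin behaviour for three constructed users.
        CredentialCheck plugin = user -> {
            if (user.equals("expired-user"))
                throw new AuthenticationException("Account expired, contact your administrator");
            if (user.equals("unknown-user"))
                throw new SaslException("directory lookup failed on internal host dir-01");
        };
        for (String user : new String[] {"alice", "expired-user", "unknown-user"}) {
            String error = clientErrorMessage("PLAIN", plugin, user);
            System.out.println(user + " -> " + (error == null ? "authenticated" : error));
        }
    }
}
```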
