[
https://issues.apache.org/jira/browse/KAFKA-16214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17813166#comment-17813166
]
Luke Chen commented on KAFKA-16214:
-----------------------------------
PR: https://github.com/apache/kafka/pull/15280
> No user info when SASL authentication failure
> ---------------------------------------------
>
> Key: KAFKA-16214
> URL: https://issues.apache.org/jira/browse/KAFKA-16214
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 3.6.0
> Reporter: Luke Chen
> Assignee: Luke Chen
> Priority: Major
>
> When client authenticate failed, the server will log with the client IP
> address only. The the IP address sometimes cannot represent a specific user,
> especially if there is proxy between client and server. Ex:
> {code:java}
> INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication
> with /127.0.0.1 (channelId=127.0.0.1:9093-127.0.0.1:53223-5) (Authentication
> failed: Invalid username or password)
> (org.apache.kafka.common.network.Selector)
> {code}
> If there are many failed authentication log appeared in the server, it'd be
> better to identify who is triggering it soon. Adding the client info to the
> log is a good start.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
