Hi Ramkumar,
This is being fixed for 1.0.0.
a) Retries will be removed for authentication failures.
b) With the current behaviour, retries do add load on the broker as new
connections are established for retries. There is a backoff interval
between connections to reduce the impact.
Regards,
Raj
Hi,
Can you pls let me know if this is resolved or any work around is there. I am
using Kafka 0.11.0.1 version.
a. When incorrect credentials are sent the publisher or consumer API,
logs below warning error , but keeps retrying to broker with out disconnecting.
b. We are using kaf
Hi all,
If there are no more comments, I will start vote on this KIP tomorrow.
Please let me know if there are any concerns.
Thanks,
Rajini
On Mon, Aug 21, 2017 at 9:24 AM, Rajini Sivaram
wrote:
> Hi Jun,
>
> Thank you for the review.
>
> 1. Each token response will indicate success/failure.
Hi Jun,
Thank you for the review.
1. Each token response will indicate success/failure. At the moment, the
broker simply closes the connection in the case of failure. With this KIP,
an empty token with an error_code indicating authentication failure will be
sent by the broker before closing the c
Ismael,
Thank you for the review. I have updated the motivation section.
On Fri, Aug 18, 2017 at 1:59 PM, Ismael Juma wrote:
> Thanks Rajini. The changes look good. We have to update the motivation to
> take into account the improvements in 0.11:
>
> "With the current Kafka SASL implementation,
Hi, Rajini,
Thanks for the KIP. Looks good overall. Just a couple of minor comments.
1. "The final message from the broker will indicate if authentication
succeeded or failed." Are we doing something special for the final message?
I thought each token response will indicate success or failure in
Thanks Rajini. The changes look good. We have to update the motivation to
take into account the improvements in 0.11:
"With the current Kafka SASL implementation, broker closes the client
connection if SASL authentication fails. Clients see this as a connection
failure and do not get any feedback
Hi Rajini,
Thanks for the KIP. It looks good to me.
It would be great if it can make it to 1.0.0.
--Vahid
From: Rajini Sivaram
To: dev
Date: 08/15/2017 01:23 PM
Subject:Re: [DISCUSS] KIP-152 - Improve diagnostics for SASL
authentication failures
I have updated the KIP
I have updated the KIP based on the discussions so far. It will be good if
we can get some more feedback so that this can be implemented for 1.0.0.
Thanks,
Rajini
On Thu, May 4, 2017 at 10:22 PM, Ismael Juma wrote:
> Hi Rajini,
>
> I think we were talking about slightly different things. I w
Hi Rajini,
I think we were talking about slightly different things. I was just
referring to the fact that there are cases where we throw an
AuthorizationException back to the user without retrying from various
methods (poll, commitSync, etc).
As you said, my initial preference was for not retryin
Hi Rajini, great KIP!
This solution was proposed on the original KIP-43 thread but voted down, so
let's hope it does better this time :)
/Magnus
2017-05-04 13:37 GMT+02:00 Rajini Sivaram :
> Hi all,
>
> I have created a KIP to improve diagnostics for SASL authentication
> failures and reduce re
Hi Ismael,
I thought the blocking waits in the producer and consumer are always
related to retrying for metadata. So an authorization exception that
impacts this wait can only be due to Describe authorization failure - that
always retries?
I agree that connecting to different brokers when authent
H Rajini,
Comments inline.
On Thu, May 4, 2017 at 2:29 PM, Rajini Sivaram
wrote:
> Hi Ismael,
>
> Thank you for reviewing the KIP.
>
> An authenticated client that is not authorized to access a topic is never
> told that the operation was not authorized. This is to prevent the client
> from fin
Hi Ismael,
Thank you for reviewing the KIP.
An authenticated client that is not authorized to access a topic is never
told that the operation was not authorized. This is to prevent the client
from finding out if the topic exists by sending an unauthorized request. So
in this case, the client will
Thanks Rajini. This is a good improvement. One question, the proposal
states:
Producer waitForMetadata and consumer ensureCoordinatorReady will be
> updated to throw AuthenticationFailedException if connections to all
> available brokers fail authentication.
Can you elaborate on the reason why w
Hi all,
I have created a KIP to improve diagnostics for SASL authentication
failures and reduce retries and blocking when authentication fails:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-152+-+Improve+diagnostics+for+SASL+authentication+failures
Comments and suggestions are welcome.
16 matches
Mail list logo
