[ https://issues.apache.org/jira/browse/KAFKA-10798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajini Sivaram resolved KAFKA-10798.
------------------------------------
      Reviewer: Manikumar
    Resolution: Fixed

> Failed authentication delay doesn't work with some SASL authentication 
> failures
> -------------------------------------------------------------------------------
>
>                 Key: KAFKA-10798
>                 URL: https://issues.apache.org/jira/browse/KAFKA-10798
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.8.0
>
>
> KIP-306 introduced the config `connection.failed.authentication.delay.ms` to 
> delay connection closing on brokers for failed authentication to limit the 
> rate of retried authentications from clients in order to avoid excessive 
> authentication load on brokers from failed clients. We rely on authentication 
> failure response to be delayed in this case to prevent clients from detecting 
> the failure and retrying sooner.
> SaslServerAuthenticator delays response for SaslAuthenticationException, but 
> not for SaslException, even though SaslException is also converted into 
> SaslAuthenticationException and processed as an authentication failure by 
> both server and clients. As a result, connection delay is not applied in many 
> scenarios like SCRAM authentication failures.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
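
A simplified model of the gap described in the issue, added here as an example; it is not Kafka's code and does not reproduce the actual fix. It counts, on a simulated clock, how many failed attempts a single retrying client completes depending on which exception class the failure surfaces as. The 100 ms delay value, the 1 ms per-attempt cost, the stand-in `SaslAuthenticationException` class and all method names are assumptions.

```java
import javax.security.sasl.SaslException;

// Simplified model of the behaviour described in KAFKA-10798; not Kafka's code.
public class FailedAuthDelayModel {
    // Stand-in for Kafka's SaslAuthenticationException (simplified for this model).
    static class SaslAuthenticationException extends RuntimeException {
        SaslAuthenticationException(String msg) { super(msg); }
    }

    static final long DELAY_MS = 100;    // assumed value of connection.failed.authentication.delay.ms
    static final long AUTH_COST_MS = 1;  // assumed broker time spent on each failed attempt

    // Reported behaviour: only SaslAuthenticationException holds back the failure response.
    static long responseDelayReported(Exception e) {
        return (e instanceof SaslAuthenticationException) ? DELAY_MS : 0;
    }

    // Expected behaviour per the issue: SaslException is also an authentication
    // failure, so its response is held back as well.
    static long responseDelayExpected(Exception e) {
        boolean authFailure = e instanceof SaslAuthenticationException || e instanceof SaslException;
        return authFailure ? DELAY_MS : 0;
    }

    // Failed attempts one client completes within windowMs when it reconnects
    // as soon as it sees the failure response (simulated clock, no sleeping).
    static int attempts(Exception failure, boolean delayAllFailures, long windowMs) {
        long now = 0;
        int count = 0;
        while (now < windowMs) {
            count++;
            long delay = delayAllFailures ? responseDelayExpected(failure)
                                          : responseDelayReported(failure);
            now += AUTH_COST_MS + delay;
        }
        return count;
    }

    public static void main(String[] args) {
        // Constructed sample failures.
        Exception authFailure = new SaslAuthenticationException("constructed: invalid credentials");
        Exception scramFailure = new SaslException("constructed: SCRAM failure");
        System.out.println("SaslAuthenticationException, reported: " + attempts(authFailure, false, 1000));
        System.out.println("SaslException, reported:               " + attempts(scramFailure, false, 1000));
        System.out.println("SaslException, delay applied:          " + attempts(scramFailure, true, 1000));
    }
}
```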