[ https://issues.apache.org/jira/browse/KAFKA-14135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gábor Nagy updated KAFKA-14135:
-------------------------------
    Description: 
As mentioned in the summary, the value `sasl.server.callback.handler.class` is 
set to `null` in the terminal printout of the KafkaConfig object, even though a 
custom handler class has been configured, and has been confirmed to be used by 
Kafka (by testing the callback's behavior).

 

This issue can (has) lead to hours of unnecessary debugging, as well as 
potential security issues, since not knowing if your brokers are using, for 
example, the insecure SASL/OAUTHBEARER default handler bundled with Kafka, or 
some custom implementation, can lead to security breaches.

  was:
As mentioned in the summary, the value `sasl.server.callback.handler.class` is 
set to `null` in the terminal printout of the KafkaConfig object, even though a 
custom handler class has been configured, and has been confirmed to be used by 
Kafka (by testing the callback's behavior).

 

This issue can (has) lead to hours of unnecessary debugging, as well as 
potential security issues, since not knowing if you brokers are using, for 
example, the insecure SASL/OAUTHBEARER default handler bundled with Kafka, or 
some custom implementation, can lead to security breaches.


> KafkaConfig value sasl.server.callback.handler.class is set to null even when 
> custom class is used
> --------------------------------------------------------------------------------------------------
>
>                 Key: KAFKA-14135
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14135
>             Project: Kafka
>          Issue Type: Bug
>          Components: config, security
>    Affects Versions: 3.2.0
>            Reporter: Gábor Nagy
>            Priority: Major
>         Attachments: KafkaConfigPrintoutPartial.png, 
> ServerPropertiesPartial.png
>
>
> As mentioned in the summary, the value `sasl.server.callback.handler.class` 
> is set to `null` in the terminal printout of the KafkaConfig object, even 
> though a custom handler class has been configured, and has been confirmed to 
> be used by Kafka (by testing the callback's behavior).
>  
> This issue can (has) lead to hours of unnecessary debugging, as well as 
> potential security issues, since not knowing if your brokers are using, for 
> example, the insecure SASL/OAUTHBEARER default handler bundled with Kafka, or 
> some custom implementation, can lead to security breaches.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
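
Added example, not part of the original report or of the Kafka project: a Python audit that reads `server.properties` directly instead of the KafkaConfig printout and lists which `sasl.server.callback.handler.class` is configured for each SASL listener and mechanism, using the listener- and mechanism-prefixed key form given in the Kafka documentation. The sample properties, the listener names and the `com.example` class are constructed, and the script assumes `listener.security.protocol.map` is set explicitly.

```python
import re

# Constructed sample server.properties; listener names and the class are made up.
SAMPLE = """\
listeners=INTERNAL://:9092,EXTERNAL://:9093
listener.security.protocol.map=INTERNAL:SASL_PLAINTEXT,EXTERNAL:SASL_SSL
sasl.enabled.mechanisms=OAUTHBEARER
listener.name.external.sasl.enabled.mechanisms=OAUTHBEARER,PLAIN
listener.name.external.oauthbearer.sasl.server.callback.handler.class=com.example.CustomValidator
"""

SUFFIX = "sasl.server.callback.handler.class"


def parse_properties(text):
    """Parse key=value or key:value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit_handlers(text):
    """Map (listener, mechanism) to its configured handler class, or None."""
    props = parse_properties(text)
    result = {}
    # Assumption: listener.security.protocol.map is set explicitly.
    for entry in props.get("listener.security.protocol.map", "").split(","):
        name, _, protocol = entry.strip().partition(":")
        if not protocol.upper().startswith("SASL_"):
            continue
        prefix = f"listener.name.{name.lower()}."
        # A per-listener mechanism list overrides the broker-wide one.
        mechs = props.get(prefix + "sasl.enabled.mechanisms",
                          props.get("sasl.enabled.mechanisms", "GSSAPI"))
        for mech in filter(None, (m.strip() for m in mechs.split(","))):
            result[(name, mech)] = props.get(f"{prefix}{mech.lower()}.{SUFFIX}")
    return result


def findings(text):
    """Flag OAUTHBEARER listeners that fall back to the bundled default handler."""
    return [f"{listener}/{mech}: no custom handler configured"
            for (listener, mech), handler in audit_handlers(text).items()
            if mech.upper() == "OAUTHBEARER" and handler is None]


if __name__ == "__main__":
    for key, handler in audit_handlers(SAMPLE).items():
        print(key, "->", handler or "(broker default)")
    print(findings(SAMPLE))
```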
