Pawel Tomasik created KAFKA-4874:
------------------------------------
Summary: SASL driven connnections are not dropped when client
ticket expires
Key: KAFKA-4874
URL: https://issues.apache.org/jira/browse/KAFKA-4874
Project: Kafka
Issue Type: Wish
Components: security
Affects Versions: 0.10.2.0
Reporter: Pawel Tomasik
Priority: Minor
The proposal is to improve SASL protocol logic
Broker verifies ticket provided by client only at the moment of connection
establishment.
Even if account related to the client's principal is revoked and client is not
able to refresh ticket, the session is never dropped,
As long lived connections are typical for Kafka it may be worth adding an
option to force client credentials challenge
Possible solution is a broker config parameter defining re-login interval
Broker shall periodically force connected clients to provide valid ticket
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
