Pawel Tomasik created KAFKA-4874: ------------------------------------ Summary: SASL driven connnections are not dropped when client ticket expires Key: KAFKA-4874 URL: https://issues.apache.org/jira/browse/KAFKA-4874 Project: Kafka Issue Type: Wish Components: security Affects Versions: 0.10.2.0 Reporter: Pawel Tomasik Priority: Minor
The proposal is to improve SASL protocol logic Broker verifies ticket provided by client only at the moment of connection establishment. Even if account related to the client's principal is revoked and client is not able to refresh ticket, the session is never dropped, As long lived connections are typical for Kafka it may be worth adding an option to force client credentials challenge Possible solution is a broker config parameter defining re-login interval Broker shall periodically force connected clients to provide valid ticket -- This message was sent by Atlassian JIRA (v6.3.15#6346)