KIP-152 — Improve diagnostics for SASL authentication failures
Accepted Kafka 1.0 Security
Changes broker SASL authentication to send a structured SaslAuthenticateResponse with an error code and human-readable message before closing the connection on authentication failure. Previously, the broker silently closed the TCP connection when authentication failed, so clients could not distinguish authentication failures from network errors, which made security incidents hard to diagnose.
Details
| Author | Rajini Sivaram |
| Status | Accepted |
| Kafka Version | 1.0 |
| JIRA | KAFKA-4764 |
| Wiki | View on Apache Wiki |
| Created | 2017-05-04 |
| Last Modified | 2019-02-12 |