KIP-306 — Configuration for Delaying Response to Failed Authentication
Accepted · Kafka 2.1 · Security · Broker
Adds a `connection.failed.authentication.delay.ms` broker config that delays the error response sent to a client that fails authentication, throttling brute-force attempts and reconnect storms from misconfigured clients. A misconfigured application that keeps reconnecting with invalid credentials can saturate the broker's network threads with authentication work, causing a denial of service for legitimate clients.
Details
| Field | Value |
| --- | --- |
| Author | Dhruvil Shah |
| Status | Accepted |
| Kafka Version | 2.1 |
| JIRA | KAFKA-6950 |
| Wiki | View on Apache Wiki |
| Created | 2018-05-19 |
| Last Modified | 2018-08-31 |