diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
index 203ee41996b..9cfa3c2f299 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/AuthenticationFilter.java
@@ -560,7 +560,11 @@ public class AuthenticationFilter implements Filter {
       // exception from the filter itself is fatal
       errCode = HttpServletResponse.SC_FORBIDDEN;
       authenticationEx = ex;
-      LOG.warn("Authentication exception: " + ex.getMessage(), ex);
+      if (LOG.isDebugEnabled()) {
+        LOG.debug("Authentication exception: " + ex.getMessage(), ex);
+      } else {
+        LOG.warn("Authentication exception: " + ex.getMessage());
+      }
     }
     if (unauthorizedResponse) {
       if (!httpResponse.isCommitted()) {
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 5c398d0adb4..d27d00a2f74 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -110,6 +110,9 @@ Release 2.7.1 - UNRELEASED
 
   BUG FIXES
 
+    HADOOP-11868. Invalid user logins trigger large backtraces in server log
+    (Chang Li via jlowe)
+
 Release 2.7.0 - 2015-04-20
 
   INCOMPATIBLE CHANGES