kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alla Tumarkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-5714) Allow whitespaces in the principal name
Date Fri, 11 Aug 2017 19:51:00 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16123932#comment-16123932
] 

Alla Tumarkin commented on KAFKA-5714:
--------------------------------------

Here is the scenario (actual commands below)

- Remove all ACLs
- In server.properties, add the principal as it is in the certificate, without removing white
spaces 
{code}
super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
{code}
- Restart the broker
- Create a topic - will work
- Delete this topic - will mark for deletion but actually will not get deleted

To fix this, repeat the steps from above, with principal name that has no spaces
{code}
super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown
{code}

Commands
{code}
bin/kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --list
bin/kafka-topics --zookeeper localhost:2181 --create --topic test --partitions 1 --replication-factor
1
bin/kafka-topics --zookeeper localhost:2181 --delete --topic test
{code}


> Allow whitespaces in the principal name
> ---------------------------------------
>
>                 Key: KAFKA-5714
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5714
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.10.2.1
>            Reporter: Alla Tumarkin
>            Assignee: Manikumar
>
> Request
> Improve parser behavior to allow whitespaces in the principal name in the config file,
as in:
> {code}
> super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> {code}
> Background
> Current implementation requires that there are no whitespaces after commas, i.e.
> {code}
> super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown
> {code}
> Note: having a semicolon at the end doesn't help, i.e. this does not work either
> {code}
> super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown;
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message