kafka-jira mailing list archives

From "Alla Tumarkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-5714) Allow whitespaces in the principal name
Date Tue, 15 Aug 2017 18:55:00 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16127711#comment-16127711 ]

Alla Tumarkin commented on KAFKA-5714:
--------------------------------------

If I have super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown (with spaces), there is an error in the authorizer log:
{code}
2017-08-11 12:37:26,560] DEBUG No acl found for resource Cluster:kafka-cluster, authorized = false (kafka.authorizer.logger)
[2017-08-11 12:37:26,560] DEBUG Principal = User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown is Denied Operation = ClusterAction from host = 127.0.0.1 on resource = Cluster:kafka-cluster (kafka.authorizer.logger)
{code}
But if I use super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown
(without spaces), there is no such error.

Why is the behavior different?

> Allow whitespaces in the principal name
> ---------------------------------------
>
>                 Key: KAFKA-5714
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5714
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.10.2.1
>            Reporter: Alla Tumarkin
>            Assignee: Manikumar
>
> Request
> Improve parser behavior to allow whitespaces in the principal name in the config file, as in:
> {code}
> super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> {code}
> Background
> Current implementation requires that there are no whitespaces after commas, i.e.
> {code}
> super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown
> {code}
> Note: having a semicolon at the end doesn't help, i.e. this does not work either
> {code}
> super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown;
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
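
An added illustration, not part of the original message and not Kafka's code: a small config check that compares each `super.users` entry with the principal string shown in the authorizer log above, first exactly and then after removing the whitespace that follows DN commas. It assumes the authorizer splits `super.users` on `;` and compares principals as exact strings; the function names are hypothetical.

```python
# Added illustration; function names are hypothetical, not Kafka APIs.
# Constructed sample: the principal exactly as the authorizer logged it.
LOGGED = "User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown"


def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash escapes the next character."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


def normalize(principal):
    """Drop whitespace that follows an RDN separator, e.g. 'CN=a, OU=b' -> 'CN=a,OU=b'."""
    ptype, sep, name = principal.strip().partition(":")
    return ptype + sep + ",".join(rdn.lstrip() for rdn in split_rdns(name))


def lint_super_users(value, logged=LOGGED):
    """Return (entry, exact_match, match_after_normalizing) per ';'-separated entry.

    Assumption: the authorizer splits super.users on ';' and compares each
    entry to the connection's principal as an exact string.
    """
    findings = []
    for entry in (e.strip() for e in value.split(";")):
        if entry:
            findings.append((entry, entry == logged, normalize(entry) == normalize(logged)))
    return findings


if __name__ == "__main__":
    spaced = "User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
    for value in (spaced, spaced + ";", LOGGED):
        for entry, exact, fixable in lint_super_users(value):
            print(f"exact={exact!s:5} normalized={fixable!s:5} {entry}")
```

An entry reported with `exact=False` and `normalized=True` differs from the logged principal only by whitespace after commas, which is the case described in this issue.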
