kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Manikumar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KAFKA-5714) Allow whitespaces in the principal name
Date Wed, 16 Aug 2017 14:02:00 GMT

    [ https://issues.apache.org/jira/browse/KAFKA-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16128831#comment-16128831
] 

Manikumar commented on KAFKA-5714:
----------------------------------

>>The point is, that I am expecting the same behavior, whether I put this name in server.properties
with spaces, or without.
Ok..I got your point, but why are we expecting same behavior?  KafkaPricipal is formed from
the name of the principal rececived from the underlying channel. In the case of SSL, it is
string representation of the X.500 certificate.  This is comma separated attribute key/values
string without any spaces. So we expect the same string to used in configs(super.users) and
scripts (kafka-acls.sh). we also have PrincipalBuilder interface for any customization.

Not sure we want to trim white spaces from the principal name. let us hear others opinions
on this. 


> Allow whitespaces in the principal name
> ---------------------------------------
>
>                 Key: KAFKA-5714
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5714
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.10.2.1
>            Reporter: Alla Tumarkin
>            Assignee: Manikumar
>
> Request
> Improve parser behavior to allow whitespaces in the principal name in the config file,
as in:
> {code}
> super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
> {code}
> Background
> Current implementation requires that there are no whitespaces after commas, i.e.
> {code}
> super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown
> {code}
> Note: having a semicolon at the end doesn't help, i.e. this does not work either
> {code}
> super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown;
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message