Repository: kafka Updated Branches: refs/heads/trunk 9ff54cb5d -> 84ca88729
KAFKA-3830; getTGT() debug logging exposes confidential information Only log the client and server principals, which is what ZooKeeper does after ZOOKEEPER-2405. Author: Ismael Juma <[email protected]> Reviewers: Grant Henke <[email protected]>, Sriharsha Chintalapani <[email protected]> Closes #1498 from ijuma/kafka-3830-get-tgt-debug-confidential Project: http://git-wip-us.apache.org/repos/asf/kafka/repo Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/84ca8872 Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/84ca8872 Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/84ca8872 Branch: refs/heads/trunk Commit: 84ca887295efbd99a6a7d7363f77d59b7a42b642 Parents: 9ff54cb Author: Ismael Juma <[email protected]> Authored: Wed Jun 15 09:32:40 2016 -0700 Committer: Sriharsha Chintalapani <[email protected]> Committed: Wed Jun 15 09:32:40 2016 -0700 ---------------------------------------------------------------------- .../org/apache/kafka/common/security/kerberos/KerberosLogin.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kafka/blob/84ca8872/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java ---------------------------------------------------------------------- diff --git a/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java index 58becdf..74b4ff2 100644 --- a/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java +++ b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java @@ -334,7 +334,8 @@ public class KerberosLogin extends AbstractLogin { for (KerberosTicket ticket : tickets) { KerberosPrincipal server = ticket.getServer(); if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) { - log.debug("Found TGT {}.", ticket); + log.debug("Found TGT with client principal '{}' and server principal '{}'.", ticket.getClient().getName(), + ticket.getServer().getName()); return ticket; } }
