codelipenghui commented on PR #19390: URL: https://github.com/apache/pulsar/pull/19390#issuecomment-1418379758
> I don't think we should let the proxy authenticate using an anonymous role. I started work in https://github.com/apache/pulsar/pull/19270 to propose that we make stricter requirements so that when a connection is started by a proxy, the authRole must be a proxy role (we know because the command has the originalPrincipal and maybe the originalAuthData). That work is only a draft because of some edge cases that will be resolved by https://github.com/apache/pulsar/pull/19409. I propose that we consider a proxy connecting as the anonymous role as a misconfiguration. Sound good to me. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
