[
https://issues.apache.org/jira/browse/KAFKA-3469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15221262#comment-15221262
]
Flavio Junqueira commented on KAFKA-3469:
-----------------------------------------
[~singhashish] I'm sorry, I missed the notification. Let me see if I understand
this right:
bq. ZkUtils will lock down corresponding znodes for the user
You're saying that it sets the ACL with the wrong principal and consequently
the brokers cannot use it? Currently, this is what we use:
{noformat}
list.addAll(ZooDefs.Ids.CREATOR_ALL_ACL)
list.addAll(ZooDefs.Ids.READ_ACL_UNSAFE)
{noformat}
For context, we did talk about having different credentials for admin tools
when we released 0.9 if needed, so maybe we should do it, but let me try to
understand the scenario a bit better first.
> kafka-topics lock down znodes with user principal when zk security is enabled.
> ------------------------------------------------------------------------------
>
> Key: KAFKA-3469
> URL: https://issues.apache.org/jira/browse/KAFKA-3469
> Project: Kafka
> Issue Type: Bug
> Reporter: Ashish K Singh
> Assignee: Ashish K Singh
>
> In envs where ZK is kerberized, if a user, other than user running kafka
> processes, creates a topic, ZkUtils will lock down corresponding znodes for
> the user. Kafka will not be able to modify those znodes and that leaves the
> topic unusable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
