[
https://issues.apache.org/jira/browse/KAFKA-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16127711#comment-16127711
]
Alla Tumarkin commented on KAFKA-5714:
--------------------------------------
If I have super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown,
ST=Unknown, C=Unknown (with spaces), there is an error in authorizer log
{code}
2017-08-11 12:37:26,560] DEBUG No acl found for resource Cluster:kafka-cluster,
authorized = false (kafka.authorizer.logger)
[2017-08-11 12:37:26,560] DEBUG Principal =
User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown is Denied
Operation = ClusterAction from host = 127.0.0.1 on resource =
Cluster:kafka-cluster (kafka.authorizer.logger)
{code}
But if I use
super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown
(without spaces), there is no such error.
Why is the behavior different?
> Allow whitespaces in the principal name
> ---------------------------------------
>
> Key: KAFKA-5714
> URL: https://issues.apache.org/jira/browse/KAFKA-5714
> Project: Kafka
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.10.2.1
> Reporter: Alla Tumarkin
> Assignee: Manikumar
>
> Request
> Improve parser behavior to allow whitespaces in the principal name in the
> config file, as in:
> {code}
> super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
> C=Unknown
> {code}
> Background
> Current implementation requires that there are no whitespaces after commas,
> i.e.
> {code}
> super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown
> {code}
> Note: having a semicolon at the end doesn't help, i.e. this does not work
> either
> {code}
> super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
> C=Unknown;
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
