[ https://issues.apache.org/jira/browse/KAFKA-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16127711#comment-16127711 ]
Alla Tumarkin commented on KAFKA-5714: -------------------------------------- If I have super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown (with spaces), there is an error in authorizer log {code} 2017-08-11 12:37:26,560] DEBUG No acl found for resource Cluster:kafka-cluster, authorized = false (kafka.authorizer.logger) [2017-08-11 12:37:26,560] DEBUG Principal = User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown is Denied Operation = ClusterAction from host = 127.0.0.1 on resource = Cluster:kafka-cluster (kafka.authorizer.logger) {code} But if I use super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown (without spaces), there is no such error. Why is the behavior different? > Allow whitespaces in the principal name > --------------------------------------- > > Key: KAFKA-5714 > URL: https://issues.apache.org/jira/browse/KAFKA-5714 > Project: Kafka > Issue Type: Improvement > Components: security > Affects Versions: 0.10.2.1 > Reporter: Alla Tumarkin > Assignee: Manikumar > > Request > Improve parser behavior to allow whitespaces in the principal name in the > config file, as in: > {code} > super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, > C=Unknown > {code} > Background > Current implementation requires that there are no whitespaces after commas, > i.e. > {code} > super.users=User:CN=Unknown,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown > {code} > Note: having a semicolon at the end doesn't help, i.e. this does not work > either > {code} > super.users=User:CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, > C=Unknown; > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)