You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Gibson, Todd" <To...@earlywarning.com> on 2016/05/12 16:14:15 UTC
Bug in KafkaLog4jAppender Kerberos support
I apologize if this is the wrong place to report bugs...
And I'm not sure this is really a bug, just an improvement that would make my life easier.
The code below was added to the KafkaLog4jAppender in version 10.0.0 to support Kerberos. I think the null check for clientJaasConfPath should be moved, similar to how kerb5ConfPath is handled. The reason is that clientJaasConfPath is only used to set the java.security.auth.login.config system property, which can also be set elsewhere (JVM option, other code). If the system property has already been set, I see no reason to require it to be specified again in the log4j properties.
if (securityProtocol != null && securityProtocol.contains("SASL") && saslKerberosServiceName != null && clientJaasConfPath != null) {
props.put(SASL_KERBEROS_SERVICE_NAME, saslKerberosServiceName);
System.setProperty("java.security.auth.login.config", clientJaasConfPath);
if (kerb5ConfPath != null) {
System.setProperty("java.security.krb5.conf", kerb5ConfPath);
}
}
Was there a reason for requiring it here?
Thanks,
Todd Gibson
Re: Bug in KafkaLog4jAppender Kerberos support
Posted by Gwen Shapira <gw...@confluent.io>.
In general, https://issues.apache.org/jira/browse/KAFKA would be a
good place to report such issues.
You can also submit a solution through a github pull request:
https://github.com/apache/kafka
As far as I can see, you are correct and there is no reason to require
a configuration if you can also pass it through a system property.
Gwen
On Thu, May 12, 2016 at 9:14 AM, Gibson, Todd
<To...@earlywarning.com> wrote:
> I apologize if this is the wrong place to report bugs...
>
> And I'm not sure this is really a bug, just an improvement that would make my life easier.
>
> The code below was added to the KafkaLog4jAppender in version 10.0.0 to support Kerberos. I think the null check for clientJaasConfPath should be moved, similar to how kerb5ConfPath is handled. The reason is that clientJaasConfPath is only used to set the java.security.auth.login.config system property, which can also be set elsewhere (JVM option, other code). If the system property has already been set, I see no reason to require it to be specified again in the log4j properties.
>
> if (securityProtocol != null && securityProtocol.contains("SASL") && saslKerberosServiceName != null && clientJaasConfPath != null) {
> props.put(SASL_KERBEROS_SERVICE_NAME, saslKerberosServiceName);
> System.setProperty("java.security.auth.login.config", clientJaasConfPath);
> if (kerb5ConfPath != null) {
> System.setProperty("java.security.krb5.conf", kerb5ConfPath);
> }
> }
>
> Was there a reason for requiring it here?
>
> Thanks,
>
> Todd Gibson