You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Flavio Junqueira (JIRA)" <ji...@apache.org> on 2016/04/01 08:45:25 UTC
[jira] [Commented] (KAFKA-3469) kafka-topics lock down znodes with
user principal when zk security is enabled.
[ https://issues.apache.org/jira/browse/KAFKA-3469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15221262#comment-15221262 ]
Flavio Junqueira commented on KAFKA-3469:
-----------------------------------------
[~singhashish] I'm sorry, I missed the notification. Let me see if I understand this right:
bq. ZkUtils will lock down corresponding znodes for the user
You're saying that it sets the ACL with the wrong principal and consequently the brokers cannot use it? Currently, this is what we use:
{noformat}
list.addAll(ZooDefs.Ids.CREATOR_ALL_ACL)
list.addAll(ZooDefs.Ids.READ_ACL_UNSAFE)
{noformat}
For context, we did talk about having different credentials for admin tools when we released 0.9 if needed, so maybe we should do it, but let me try to understand the scenario a bit better first.
> kafka-topics lock down znodes with user principal when zk security is enabled.
> ------------------------------------------------------------------------------
>
> Key: KAFKA-3469
> URL: https://issues.apache.org/jira/browse/KAFKA-3469
> Project: Kafka
> Issue Type: Bug
> Reporter: Ashish K Singh
> Assignee: Ashish K Singh
>
> In envs where ZK is kerberized, if a user, other than user running kafka processes, creates a topic, ZkUtils will lock down corresponding znodes for the user. Kafka will not be able to modify those znodes and that leaves the topic unusable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)