kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From srihar...@apache.org
Subject kafka git commit: KAFKA-3830; getTGT() debug logging exposes confidential information
Date Wed, 15 Jun 2016 16:32:47 GMT
Repository: kafka
Updated Branches:
  refs/heads/trunk 9ff54cb5d -> 84ca88729


KAFKA-3830; getTGT() debug logging exposes confidential information

Only log the client and server principals, which is what ZooKeeper does after ZOOKEEPER-2405.

Author: Ismael Juma <ismael@juma.me.uk>

Reviewers: Grant Henke <granthenke@gmail.com>, Sriharsha Chintalapani <harsha@hortonworks.com>

Closes #1498 from ijuma/kafka-3830-get-tgt-debug-confidential


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/84ca8872
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/84ca8872
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/84ca8872

Branch: refs/heads/trunk
Commit: 84ca887295efbd99a6a7d7363f77d59b7a42b642
Parents: 9ff54cb
Author: Ismael Juma <ismael@juma.me.uk>
Authored: Wed Jun 15 09:32:40 2016 -0700
Committer: Sriharsha Chintalapani <harsha@hortonworks.com>
Committed: Wed Jun 15 09:32:40 2016 -0700

----------------------------------------------------------------------
 .../org/apache/kafka/common/security/kerberos/KerberosLogin.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/84ca8872/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
----------------------------------------------------------------------
diff --git a/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
index 58becdf..74b4ff2 100644
--- a/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
+++ b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
@@ -334,7 +334,8 @@ public class KerberosLogin extends AbstractLogin {
         for (KerberosTicket ticket : tickets) {
             KerberosPrincipal server = ticket.getServer();
             if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm()))
{
-                log.debug("Found TGT {}.", ticket);
+                log.debug("Found TGT with client principal '{}' and server principal '{}'.",
ticket.getClient().getName(),
+                        ticket.getServer().getName());
                 return ticket;
             }
         }


Mime
View raw message