kafka git commit: KAFKA-3830; getTGT() debug logging exposes confidential information

Wed, 15 Jun 2016 09:33:23 -0700 

Repository: kafka
Updated Branches:
  refs/heads/0.10.0 9e2f067d1 -> 78ac7b6b0


KAFKA-3830; getTGT() debug logging exposes confidential information

Only log the client and server principals, which is what ZooKeeper does after 
ZOOKEEPER-2405.

Author: Ismael Juma <ism...@juma.me.uk>

Reviewers: Grant Henke <granthe...@gmail.com>, Sriharsha Chintalapani 
<har...@hortonworks.com>

Closes #1498 from ijuma/kafka-3830-get-tgt-debug-confidential

(cherry picked from commit 84ca887295efbd99a6a7d7363f77d59b7a42b642)
Signed-off-by: Sriharsha Chintalapani <har...@hortonworks.com>


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/78ac7b6b
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/78ac7b6b
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/78ac7b6b

Branch: refs/heads/0.10.0
Commit: 78ac7b6b09b6c2c9062bcb98d7683c1f9a427b65
Parents: 9e2f067
Author: Ismael Juma <ism...@juma.me.uk>
Authored: Wed Jun 15 09:32:40 2016 -0700
Committer: Sriharsha Chintalapani <har...@hortonworks.com>
Committed: Wed Jun 15 09:32:55 2016 -0700

----------------------------------------------------------------------
 .../org/apache/kafka/common/security/kerberos/KerberosLogin.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/78ac7b6b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
----------------------------------------------------------------------
diff --git 
a/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
 
b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
index 58becdf..74b4ff2 100644
--- 
a/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
+++ 
b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java
@@ -334,7 +334,8 @@ public class KerberosLogin extends AbstractLogin {
         for (KerberosTicket ticket : tickets) {
             KerberosPrincipal server = ticket.getServer();
             if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + 
server.getRealm())) {
-                log.debug("Found TGT {}.", ticket);
+                log.debug("Found TGT with client principal '{}' and server 
principal '{}'.", ticket.getClient().getName(),
+                        ticket.getServer().getName());
                 return ticket;
             }
         }

Reply via email to