Repository: kafka Updated Branches: refs/heads/0.10.0 9e2f067d1 -> 78ac7b6b0
KAFKA-3830; getTGT() debug logging exposes confidential information Only log the client and server principals, which is what ZooKeeper does after ZOOKEEPER-2405. Author: Ismael Juma <ism...@juma.me.uk> Reviewers: Grant Henke <granthe...@gmail.com>, Sriharsha Chintalapani <har...@hortonworks.com> Closes #1498 from ijuma/kafka-3830-get-tgt-debug-confidential (cherry picked from commit 84ca887295efbd99a6a7d7363f77d59b7a42b642) Signed-off-by: Sriharsha Chintalapani <har...@hortonworks.com> Project: http://git-wip-us.apache.org/repos/asf/kafka/repo Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/78ac7b6b Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/78ac7b6b Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/78ac7b6b Branch: refs/heads/0.10.0 Commit: 78ac7b6b09b6c2c9062bcb98d7683c1f9a427b65 Parents: 9e2f067 Author: Ismael Juma <ism...@juma.me.uk> Authored: Wed Jun 15 09:32:40 2016 -0700 Committer: Sriharsha Chintalapani <har...@hortonworks.com> Committed: Wed Jun 15 09:32:55 2016 -0700 ---------------------------------------------------------------------- .../org/apache/kafka/common/security/kerberos/KerberosLogin.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kafka/blob/78ac7b6b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java ---------------------------------------------------------------------- diff --git a/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java index 58becdf..74b4ff2 100644 --- a/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java +++ b/clients/src/main/java/org/apache/kafka/common/security/kerberos/KerberosLogin.java @@ -334,7 +334,8 @@ public class KerberosLogin extends AbstractLogin { for (KerberosTicket ticket : tickets) { KerberosPrincipal server = ticket.getServer(); if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) { - log.debug("Found TGT {}.", ticket); + log.debug("Found TGT with client principal '{}' and server principal '{}'.", ticket.getClient().getName(), + ticket.getServer().getName()); return ticket; } }