[ https://issues.apache.org/jira/browse/KAFKA-5994?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Manikumar reassigned KAFKA-5994:
--------------------------------

    Assignee: Manikumar

> Improve transparency of broker user ACL misconfigurations
> ---------------------------------------------------------
>
>                 Key: KAFKA-5994
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5994
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.10.2.1
>            Reporter: Dustin Cote
>            Assignee: Manikumar
>            Priority: Major
>             Fix For: 2.2.0
>
>
> When the user for inter broker communication is not a super user and ACLs are
> configured with allow.everyone.if.no.acl.found=false, the cluster will not
> serve data. This is extremely confusing to debug because there is no security
> negotiation problem or indication of an error other than no data can make it
> in or out of the broker. If one knew to look in the authorizer log, it would
> be more clear, but that didn't make it into my workflow at least. Here's an
> example of a problematic debugging scenario
> SASL_SSL, SSL, SASL_PLAINTEXT ports on the brokers
> SASL user specified in `super.users`
> SSL specified as the inter broker protocol
> The only way I could figure out ACLs were an issue without gleaning it
> through configuration inspection was that controlled shutdown indicated that
> a cluster action had failed.
> It would be good if we could be more transparent about the failure here.
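
The configuration inspection the report mentions can be done statically. The following is an added example, not part of the original message or of Kafka itself: it reads broker properties and flags the case where the inter-broker principal is absent from `super.users` while an authorizer is active and `allow.everyone.if.no.acl.found` is false. Assumptions: the sample properties and the certificate principal `User:CN=broker1.example.com` are constructed, the SSL principal is supplied by the caller because it comes from the keystore, and `inter.broker.listener.name` is not in use.

```python
# Added example: static check of broker settings for the condition in KAFKA-5994.
def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def interbroker_principal(props, ssl_cert_principal=None):
    """Principal the brokers present to each other, or None if not derivable."""
    proto = props.get("security.inter.broker.protocol", "PLAINTEXT").upper()
    if proto == "PLAINTEXT":
        return "User:ANONYMOUS"
    if proto == "SSL":
        # Without required client auth the peer has no certificate identity.
        if props.get("ssl.client.auth", "none").lower() != "required":
            return "User:ANONYMOUS"
        return ssl_cert_principal  # assumption: caller supplies the keystore DN
    return None  # SASL_*: the user name lives in the JAAS config, not here

def check(text, ssl_cert_principal=None):
    """Return a list of findings; empty means the condition was not detected."""
    props = parse_properties(text)
    if not props.get("authorizer.class.name"):
        return []  # no authorizer configured, so ACLs are not enforced
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        return []  # outside the scenario described in the report
    supers = {p.strip() for p in props.get("super.users", "").split(";") if p.strip()}
    principal = interbroker_principal(props, ssl_cert_principal)
    if principal is None:
        return ["inter-broker principal unknown; confirm it is in super.users or has ACLs"]
    if principal not in supers:
        return [f"{principal} is the inter-broker principal but is not in "
                f"super.users {sorted(supers)}; add it or grant explicit ACLs"]
    return []

# Constructed sample mirroring the report: SASL user is super, brokers talk SSL.
SAMPLE = """\
listeners=SASL_SSL://:9093,SSL://:9094,SASL_PLAINTEXT://:9095
security.inter.broker.protocol=SSL
ssl.client.auth=required
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:admin
allow.everyone.if.no.acl.found=false
"""
```

A finding here is a prompt to check the ACLs stored for the cluster resource, since explicit ACLs for the broker principal are not visible in the properties file.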