Hi Nanda, It's great you figured it out. "KIP-1157 <https://cwiki.apache.org/confluence/display/KAFKA/KIP-1157%3A+Enforce+KafkaPrincipalSerde+Implementation+for+KafkaPrincipalBuilder>: Enforce KafkaPrincipalSerde Implementation for KafkaPrincipalBuilder" is proposed to fix this issue.
Thank you. Luke On Wed, Jun 11, 2025 at 12:39 AM Nanda Naga <nandan...@microsoft.com.invalid> wrote: > I figured this out issue - it is due to missing > serialization/deserialization logic for the custom principal > > Regards, > Nanda > > -----Original Message----- > From: Nanda Naga <nandan...@microsoft.com.INVALID> > Sent: Friday, June 6, 2025 1:19 PM > To: users@kafka.apache.org > Subject: [EXTERNAL] Kraft mode - Authz errors while doing alterconfig via > admin client > > [You don't often get email from nandan...@microsoft.com.invalid. Learn > why this is important at https://aka.ms/LearnAboutSenderIdentification ] > > In broker server properties and controller server properties, I have setup > the custom principal builder class name and custom acl authorizer (extends > standard authorizer) class name properly > > The normal produce/ consumes that the topic has acls works fine though > using the custom principal and custom acl authorizer. It works when it is > inter controller auth calls > > But when requests sent via admin client (using command prompt calls) or > via code that uses admin client, I see default principal being passed > (KafkaPrincipal) instead of my custom principal from broker to controller. > > Anything I miss here? > > If you need any more details, I can share > > Regards, > Nanda > >
