ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Selvamohan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-783) Default policy created during service creation for a Kafka service should better support non-secure kafka cluster
Date Wed, 03 Feb 2016 16:53:39 GMT

    [ https://issues.apache.org/jira/browse/RANGER-783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15130668#comment-15130668
] 

Selvamohan Neethiraj commented on RANGER-783:
---------------------------------------------

[~aloklal99] - Can you update the status of this JIRA asap ?  Removing fixVersion of 0.5.1
from this JIRA.

> Default policy created during service creation for a Kafka service should better support
non-secure kafka cluster
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-783
>                 URL: https://issues.apache.org/jira/browse/RANGER-783
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 0.5.0
>            Reporter: Alok Lal
>            Assignee: Alok Lal
>             Fix For: 0.6.0
>
>
> Whenever a new Kafka service is added a default policy is also added granting the Kafka
service user all privileges on all topics.  This is done to ensure that inter-broker communication
(which is also seen and authorized by the authorizer) can work properly.  This approach works
well for secure kafka clusters authorized by Ranger.
> Kafka authorization, however, is now supported for both secure and non-secure deployments!
 Since user name received by the kafka authorizer in non-secure mode is the string {{ANONYMOUS}}
even for inter-broker traffic, default policy should refer to {{public}} user group instead
of referring to username  (usually "kafka") provided in the service configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message