Johan Ström created KAFKA-4943:
----------------------------------
Summary: SCRAM secret's should be better protected with Zookeeper
ACLs
Key: KAFKA-4943
URL: https://issues.apache.org/jira/browse/KAFKA-4943
Project: Kafka
Issue Type: Improvement
Reporter: Johan Ström
With the new SCRAM authenticator the secrets are stored in Zookeeper:
{code}
get /kafka/config/users/alice
{"version":1,"config":{"SCRAM-SHA-512":"salt=ODhnZjNkdWZibTV1cG1zdnV6bmh6djF3Mg==,stored_key=BAbHWHuGEb4m5+U+p0M9oFQmOPhU6M7q5jtZY8deDDoZCvxaqVNLz41yPzdgcp1WpiEBmfwYOuFlo9hMFKM7mA==,server_key=JW3KhpMeyUgh0OAC0kejuFUvUSlXBv/Z68tlfOWcMw5f5jrBwyBnjNQ9VZsSYz1AcI9IYaQ5S6H3yN39SieNiA==,iterations=4096"}}
{code}
These are stored without any ACL, and zookeeper-security-migration.sh does not
seem to change that either:
{code}
getAcl /kafka/config/users/alice
'world,'anyone
: cdrwa
getAcl /kafka/config/users
'world,'anyone
: cdrwa
getAcl /kafka
'world,'anyone
: r
'sasl,'bob
: cdrwa
getAcl /kafka/config/changes
'world,'anyone
: r
'sasl,'bob
: cdrwa
{code}
The above output is after running security migrator, for some reason
/kafka/config/users is ignored, but others are fixed..
Even if these where to be stored with secure ZkUtils#DefaultAcls, they would be
world readable.
>From my (limited) point of view, they should be readable by Kafka only.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
