Kafka has ACL authentication enabled: what exactly does the value after --allow-principal User: refer to?

冰晶睡梦猪   Posted: 2017-01-11   Last updated: 2017-01-11  
  •   7 subscriptions, 366 views

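I have added ACL authentication to Kafka and can already successfully control whether a given IP address can or cannot access a given topic. But when I create a new topic and want to give read/write permission on it only to one specific user on one specific IP, nothing I add works; only after adding User:* can users on that IP access it. But that means all users on that IP have permission, and no permission is set for an individual user. Could someone more experienced please advise: how exactly should the user here be specified so that a single user is authorized? Do I need to add SSL and SASL as well?
rhel6712950 is the hostname of the host I want to authorize, its IP is 10.253.129.50, and root is my user. I added the following ACLs for the topic testacl: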
Following is list of acls for resource: Topic:testacl
User:rhel6712950 has Allow permission for operations: Write from hosts: 10.253.129.50
User:rhel6712950 has Allow permission for operations: Read from hosts: 10.253.129.50

User:root@rhel6712950 has Allow permission for operations: Read from hosts: 10.253.129.50
User:root@rhel6712950 has Allow permission for operations: Write from hosts: 10.253.129.50
User:root has Allow permission for operations: Read from hosts: 10.253.129.50
User:root has Allow permission for operations: Write from hosts: 10.253.129.50
However, the root user still cannot access the topic testacl; access only works after adding the following:
User: has Allow permission for operations: Read from hosts: 10.253.129.50
User: has Allow permission for operations: Write from hosts: 10.253.129.50








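  • Could an expert please give me some guidance?
    The last two lines were not copied completely. However, the root user still cannot access the topic testacl; access only works after adding the following:
    User:* has Allow permission for operations: Read from hosts: 10.253.129.50
    User:* has Allow permission for operations: Write from hosts: 10.253.129.50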
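Added example, not part of the original thread: a simplified Python model of how the ACL entries listed above are matched against the principal the broker assigns to a connection. It assumes the client connects over a PLAINTEXT listener, where Kafka treats every connection as User:ANONYMOUS; `session_principal`, `authorize` and the SASL user name `root` are hypothetical names for this sketch, not Kafka APIs.

```python
import re
from typing import NamedTuple

# Entries copied from the listing in the post.
POSTED = """\
User:rhel6712950 has Allow permission for operations: Write from hosts: 10.253.129.50
User:rhel6712950 has Allow permission for operations: Read from hosts: 10.253.129.50
User:root@rhel6712950 has Allow permission for operations: Read from hosts: 10.253.129.50
User:root@rhel6712950 has Allow permission for operations: Write from hosts: 10.253.129.50
User:root has Allow permission for operations: Read from hosts: 10.253.129.50
User:root has Allow permission for operations: Write from hosts: 10.253.129.50
"""
# Wildcard entries from the follow-up comment.
WILDCARD = """\
User:* has Allow permission for operations: Read from hosts: 10.253.129.50
User:* has Allow permission for operations: Write from hosts: 10.253.129.50
"""
LINE = re.compile(r"(User:\S+) has (Allow|Deny) permission for operations: (\w+) from hosts: (\S+)")

class Acl(NamedTuple):
    principal: str
    permission: str
    operation: str
    host: str

def parse(listing):
    """Turn kafka-acls style listing lines into Acl tuples, skipping other lines."""
    return [Acl(*m.groups()) for m in map(LINE.fullmatch, listing.splitlines()) if m]

def session_principal(listener, authenticated_name=None):
    """Hypothetical helper: the identity the broker attaches to a connection.
    PLAINTEXT performs no authentication, so the principal is User:ANONYMOUS;
    the client's OS account and hostname are never sent to the broker."""
    if listener == "PLAINTEXT" or authenticated_name is None:
        return "User:ANONYMOUS"
    return "User:" + authenticated_name  # name proven via SASL or a TLS client cert

def authorize(acls, principal, operation, host):
    """Simplified matching: a matching Deny wins, otherwise a matching Allow is
    required. Super users and allow.everyone.if.no.acl.found are not modelled."""
    matched = [a for a in acls
               if a.principal in (principal, "User:*")
               and a.operation in (operation, "All")
               and a.host in (host, "*")]
    if any(a.permission == "Deny" for a in matched):
        return False
    return any(a.permission == "Allow" for a in matched)
```

With the posted entries, the anonymous PLAINTEXT session is refused and only User:* lets it through; a session authenticated as root over SASL (a constructed case) matches the User:root entries, and only from 10.253.129.50.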