THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Allow kafka-delegation-tokens.sh script with "--create" option to take owner details principal from "--owner-principal" option.
| Code Block | ||
|---|---|---|
| ||
>> bin/kafka-delegation-token.sh --bootstrap-server broker1:9092 --create -owner-principal User:owner1 --renewer-principal User:renewer1 --max-life-time 1486750745585 |
Proposed Changes
The token requester must be authenticated using any of the available secure channels (Kerberos, SCRAM, SSL) to generate tokens for other users. The token requester can not use delegation token based authentication for generating tokens.
Compatibility, Deprecation, and Migration Plan
- What impact (if any) will there be on existing users?
- If we are changing behavior how will we phase out the older behavior?
- If we need special migration tools, describe them here.
- When will we remove the existing behavior?
...
Older version of the the modified CreateTokenRequest APIs will continue to work as expected. When using older API, owner and token requester principals will be set to same.