ZOOKEEPER-2405: getTGT() in Login.java mishandles confidential information (Michael Han via phunt)
git-svn-id: https://svn.apache.org/repos/asf/zookeeper/trunk@1745534 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES.txt b/CHANGES.txt
index 040e583..d160739 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -305,6 +305,9 @@
ZOOKEEPER-2423: Upgrade Netty version due to security vulnerability
(CVE-2014-3488) (Michael Han via phunt)
+ ZOOKEEPER-2405: getTGT() in Login.java mishandles confidential
+ information (Michael Han via phunt)
+
IMPROVEMENTS:
ZOOKEEPER-2024 Major throughput improvement with mixed workloads (Kfir Lev-Ari via shralex)
diff --git a/src/java/main/org/apache/zookeeper/Login.java b/src/java/main/org/apache/zookeeper/Login.java
index 3ea666b..fd9a4c2 100644
--- a/src/java/main/org/apache/zookeeper/Login.java
+++ b/src/java/main/org/apache/zookeeper/Login.java
@@ -335,7 +335,8 @@
for(KerberosTicket ticket: tickets) {
KerberosPrincipal server = ticket.getServer();
if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
- LOG.debug("Found tgt {}.", ticket);
+ LOG.debug("Client principal is \"" + ticket.getClient().getName() + "\".");
+ LOG.debug("Server principal is \"" + ticket.getServer().getName() + "\".");
return ticket;
}
}
