kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jun...@apache.org
Subject kafka git commit: trivial doc change for building customized user name
Date Tue, 17 Nov 2015 01:58:13 GMT
Repository: kafka
Updated Branches:
  refs/heads/trunk 6df9e7ff2 -> ae315264d


trivial doc change for building customized user name


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/ae315264
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/ae315264
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/ae315264

Branch: refs/heads/trunk
Commit: ae315264dbc8a9efc5b5fbb1967a8a5df76dddb3
Parents: 6df9e7f
Author: Jun Rao <junrao@gmail.com>
Authored: Mon Nov 16 17:57:59 2015 -0800
Committer: Jun Rao <junrao@gmail.com>
Committed: Mon Nov 16 17:57:59 2015 -0800

----------------------------------------------------------------------
 docs/security.html | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/ae315264/docs/security.html
----------------------------------------------------------------------
diff --git a/docs/security.html b/docs/security.html
index 923c40f..c99aa93 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -1,4 +1,4 @@
-<!--
+
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
@@ -265,6 +265,9 @@ Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementat
 <pre>allow.everyone.if.no.acl.found=true</pre>
 One can also add super users in broker.properties like the following.
 <pre>super.users=User:Bob;User:Alice</pre>
+By default, the SSL user name will be of the form "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown".
One can change that by setting a customized PrincipalBuilder in broker.properties like the
following.
+<pre>principal.builder.classs=CustomizedPrincipalBuilderClass</pre>
+By default, the SASL user name will be the primary part of the Kerberos principal. One can
change that by setting <code>sasl.kerberos.principal.to.local.rules</code> to
a customized rule in broker.properties.
 <h4><a id="security_authz_cli" href="#security_authz_cli">Command Line Interface</a></h4>
 Kafka Authorization management CLI can be found under bin directory with all the other CLIs.
The CLI script is called <b>kafka-acls.sh</b>. Following lists all the options
that the script supports:
 <p></p>


Mime
View raw message