kafka-commits mailing list archives

From ij...@apache.org
Subject kafka git commit: MINOR: Refer consistently to server.properties in security docs
Date Tue, 19 Sep 2017 04:33:14 GMT
Repository: kafka
Updated Branches:
  refs/heads/trunk 0cf770800 -> 83bdcdbae


MINOR: Refer consistently to server.properties in security docs

Author: Manikumar Reddy <manikumar.reddy@gmail.com>

Reviewers: Ismael Juma <ismael@juma.me.uk>

Closes #3788 from omkreddy/RULE-DOC


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/83bdcdba
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/83bdcdba
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/83bdcdba

Branch: refs/heads/trunk
Commit: 83bdcdbaef4e594ec5aac0736ffce5d0172c1671
Parents: 0cf7708
Author: Manikumar Reddy <manikumar.reddy@gmail.com>
Authored: Tue Sep 19 05:33:02 2017 +0100
Committer: Ismael Juma <ismael@juma.me.uk>
Committed: Tue Sep 19 05:33:02 2017 +0100

----------------------------------------------------------------------
 docs/security.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/83bdcdba/docs/security.html
----------------------------------------------------------------------
diff --git a/docs/security.html b/docs/security.html
index dab00dd..3e469b2 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -154,7 +154,7 @@
                 <li>ssl.truststore.type=JKS</li>
                 <li>ssl.secure.random.implementation=SHA1PRNG</li>
             </ol>
-            If you want to enable SSL for inter-broker communication, add the following to
the broker properties file (it defaults to PLAINTEXT)
+            If you want to enable SSL for inter-broker communication, add the following to
the server.properties file (it defaults to PLAINTEXT)
             <pre>
             security.inter.broker.protocol=SSL</pre>
 
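Review bot: In the reworded sentence, the parenthetical "(it defaults to PLAINTEXT)" now follows "the server.properties file" directly, so "it" reads as the file rather than the setting. Suggest naming the key, for example "add the following to the server.properties file (security.inter.broker.protocol defaults to PLAINTEXT):", and ending with a colon since the sentence introduces the pre block. Naming the default also makes it clearer that the SSL keystore and truststore settings listed just above do not by themselves move inter-broker traffic off PLAINTEXT.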
@@ -664,13 +664,13 @@
     </ol>
 
     <h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3>
-    Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that
uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal
P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the
acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer
CLI. By default, if a Resource R has no associated acls, no one other than super users is
allowed to access R. If you want to change that behavior, you can include the following in
broker.properties.
+    Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that
uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal
P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the
acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer
CLI. By default, if a Resource R has no associated acls, no one other than super users is
allowed to access R. If you want to change that behavior, you can include the following in
server.properties.
     <pre>allow.everyone.if.no.acl.found=true</pre>
-    One can also add super users in broker.properties like the following (note that the delimiter
is semicolon since SSL user names may contain comma).
+    One can also add super users in server.properties like the following (note that the delimiter
is semicolon since SSL user names may contain comma).
     <pre>super.users=User:Bob;User:Alice</pre>
-    By default, the SSL user name will be of the form "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown".
One can change that by setting a customized PrincipalBuilder in broker.properties like the
following.
+    By default, the SSL user name will be of the form "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown".
One can change that by setting a customized PrincipalBuilder in server.properties like the
following.
     <pre>principal.builder.class=CustomizedPrincipalBuilderClass</pre>
-    By default, the SASL user name will be the primary part of the Kerberos principal. One
can change that by setting <code>sasl.kerberos.principal.to.local.rules</code>
to a customized rule in broker.properties.
+    By default, the SASL user name will be the primary part of the Kerberos principal. One
can change that by setting <code>sasl.kerberos.principal.to.local.rules</code>
to a customized rule in server.properties.
     The format of <code>sasl.kerberos.principal.to.local.rules</code> is a list
where each rule works in the same way as the auth_to_local in <a href="http://web.mit.edu/Kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html">Kerberos
configuration file (krb5.conf)</a>. Each rules starts with RULE: and contains an expression
in the format [n:string](regexp)s/pattern/replacement/g. See the kerberos documentation for
more details. An example of adding a rule to properly translate user@MYDOMAIN.COM to user
while also keeping the default rule in place is:
     <pre>sasl.kerberos.principal.to.local.rules=RULE:[1:$1@$0](.*@MYDOMAIN.COM)s/@.*//,DEFAULT</pre>
 
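Review bot: The sentence introducing allow.everyone.if.no.acl.found=true only says "If you want to change that behavior", which understates what the setting does. Since that sentence is being edited anyway, state the effect directly: with the value set to true, a resource that has no associated ACLs becomes accessible to every principal, not only to super users. Two smaller points in the same hunk: the unchanged context line has the typo "Each rules starts" (should be "Each rule starts"), and the example regexp "(.*@MYDOMAIN.COM)" leaves the dot unescaped, so it matches any character in that position; either escape it in the example or say that the expression is a regular expression.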

