kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From guozh...@apache.org
Subject [kafka] branch trunk updated: MINOR: Add authorizer.class.name to the security section in documentation (#4310)
Date Fri, 26 Jan 2018 19:40:38 GMT
This is an automated email from the ASF dual-hosted git repository.

guozhang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 93ab94d  MINOR: Add authorizer.class.name to the security section in documentation
(#4310)
93ab94d is described below

commit 93ab94d7edcbf577747d306c19fc5378dd092d76
Author: Jakub Scholz <www@scholzj.com>
AuthorDate: Fri Jan 26 20:40:35 2018 +0100

    MINOR: Add authorizer.class.name to the security section in documentation (#4310)
---
 docs/security.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/security.html b/docs/security.html
index c8e20ea..4e401ae 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -664,7 +664,9 @@
     </ol>
 
     <h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3>
-    Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that
uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal
P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the
acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer
CLI. By default, if a Resource R has no associated acls, no one other than super users is
allowed to access R. If you [...]
+    Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that
uses zookeeper to store all the acls. The Authorizer is configured by setting <code>authorizer.class.name</code>
in server.properties. To enable the out of the box implementation use:
+    <pre>authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer</pre>
+    Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation
O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order
to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource
R has no associated acls, no one other than super users is allowed to access R. If you want
to change that behavior, you can include the following in server.properties.
     <pre>allow.everyone.if.no.acl.found=true</pre>
     One can also add super users in server.properties like the following (note that the delimiter
is semicolon since SSL user names may contain comma).
     <pre>super.users=User:Bob;User:Alice</pre>

-- 
To stop receiving notification emails like this one, please contact
guozhang@apache.org.

Mime
View raw message