Posted to commits@kafka.apache.org by ma...@apache.org on 2023/05/20 16:28:10 UTC

[kafka] branch 3.4 updated: MINOR: Add System Properties to config documentation section (#13737)

This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch 3.4
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/3.4 by this push:
     new bf7bc5399c9 MINOR: Add System Properties to config documentation section (#13737)
bf7bc5399c9 is described below

commit bf7bc5399c9533e3dbfb2d4c6847884d7eb7d2a1
Author: Manikumar Reddy <ma...@gmail.com>
AuthorDate: Sat May 20 21:53:44 2023 +0530

    MINOR: Add System Properties to config documentation section (#13737)
    
     Reviewers: Josep Prat <jo...@aiven.io>
---
 docs/configuration.html | 18 ++++++++++++++++++
 docs/toc.html           |  1 +
 2 files changed, 19 insertions(+)

diff --git a/docs/configuration.html b/docs/configuration.html
index ceb671ca750..3da38944f1b 100644
--- a/docs/configuration.html
+++ b/docs/configuration.html
@@ -266,6 +266,24 @@
   <h3 class="anchor-heading"><a id="adminclientconfigs" class="anchor-link"></a><a href="#adminclientconfigs">3.7 Admin Configs</a></h3>
   Below is the configuration of the Kafka Admin client library.
   <!--#include virtual="generated/admin_client_config.html" -->
+
+  <h3 class="anchor-heading"><a id="systemproperties" class="anchor-link"></a><a href="#systemproperties">3.8 System Properties</a></h3>
+  Kafka supports some configuration that can be enabled through Java system properties. System properties are usually set by passing the -D flag to the Java virtual machine in which Kafka components are running.
+  Below are the supported system properties.
+  <ul class="config-list">
+  <li>
+    <h4><a id="org.apache.kafka.disallowed.login.modules"></a><a id="systemproperties_org.apache.kafka.disallowed.login.modules" href="#systemproperties_org.apache.kafka.disallowed.login.modules">org.apache.kafka.disallowed.login.modules</a></h4>
+    <p>This system property is used to disable the problematic login modules usage in SASL JAAS configuration. This property accepts comma-separated list of loginModule names. By default <b>com.sun.security.auth.module.JndiLoginModule</b> loginModule is disabled.
+    <p>If users want to enable JndiLoginModule, users need to explicitly reset the system property like below. We advise the users to validate configurations and only allow trusted JNDI configurations. For more details <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-25194">CVE-2023-25194</a>.
+    <p><pre class="brush: bash;"> -Dorg.apache.kafka.disallowed.login.modules=</pre>
+    <p>To disable more loginModules, update the system property with comma-separated loginModule names. Make sure to explicitly add <b>JndiLoginModule</b> module name to the comma-separated list like below.
+    <p><pre class="brush: bash;"> -Dorg.apache.kafka.disallowed.login.modules=com.sun.security.auth.module.JndiLoginModule,com.ibm.security.auth.module.LdapLoginModule,com.ibm.security.auth.module.Krb5LoginModule</pre>
+    <table><tbody>
+    <tr><th>Since:</th><td>3.4.0</td></tr>
+    <tr><th>Default Value:</th><td>com.sun.security.auth.module.JndiLoginModule</td></tr>
+    </tbody></table>
+  </li>
+ </ul>
 </script>
 
 <div class="p-configuration"></div>
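
Review bot: the paragraph introducing the empty-value example (-Dorg.apache.kafka.disallowed.login.modules=) never states that the supplied value replaces the default list rather than extending it, so a reader can miss that the empty value leaves no login module disallowed; the later "Make sure to explicitly add JndiLoginModule module name" only implies it. Suggest adding one sentence that says the property value replaces the default. Smaller points in the same block: "For more details" before the CVE-2023-25194 link lacks a verb ("see"), "accepts comma-separated list" lacks an article, every added <p> is left unclosed with <pre> nested inside it, and the closing </ul> is indented one space less than its <ul class="config-list">.
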
diff --git a/docs/toc.html b/docs/toc.html
index 356bf52f431..d6015152d04 100644
--- a/docs/toc.html
+++ b/docs/toc.html
@@ -51,6 +51,7 @@
                     </ul>
                 <li><a href="#streamsconfigs">3.6 Kafka Streams Configs</a>
                 <li><a href="#adminclientconfigs">3.7 AdminClient Configs</a>
+                <li><a href="#systemproperties">3.8 System Properties</a>
             </ul>
         </li>
         <li><a href="#design">4. Design</a>
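
Review bot: the context line directly above the new entry reads "3.7 AdminClient Configs", while the heading shown in docs/configuration.html is "3.7 Admin Configs"; since this change touches the same list, consider aligning the two titles here. The new entry's text and its #systemproperties target do match the heading and id added in docs/configuration.html.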