You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by ju...@apache.org on 2015/11/14 03:07:44 UTC
kafka-site git commit: trivial 0.9.0 doc changes for AclCommand
Repository: kafka-site
Updated Branches:
refs/heads/asf-site 2e8125670 -> 0362585e2
trivial 0.9.0 doc changes for AclCommand
Project: http://git-wip-us.apache.org/repos/asf/kafka-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka-site/commit/0362585e
Tree: http://git-wip-us.apache.org/repos/asf/kafka-site/tree/0362585e
Diff: http://git-wip-us.apache.org/repos/asf/kafka-site/diff/0362585e
Branch: refs/heads/asf-site
Commit: 0362585e23d5f07ea4bc3f9b4e42bae72dd6c211
Parents: 2e81256
Author: Jun Rao <ju...@gmail.com>
Authored: Fri Nov 13 18:07:38 2015 -0800
Committer: Jun Rao <ju...@gmail.com>
Committed: Fri Nov 13 18:07:38 2015 -0800
----------------------------------------------------------------------
090/security.html | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kafka-site/blob/0362585e/090/security.html
----------------------------------------------------------------------
diff --git a/090/security.html b/090/security.html
index 25f15a0..57fe874 100644
--- a/090/security.html
+++ b/090/security.html
@@ -264,7 +264,7 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled but
Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want change that behavior, you can include the following in broker.properties.
<pre>allow.everyone.if.no.acl.found=true</pre>
One can also add super users in broker.properties like the following.
-<pre>super.users=User:Bob,User:Alice</pre>
+<pre>super.users=User:Bob;User:Alice</pre>
<h4>Command Line Interface</h4>
Kafka Authorization management CLI can be found under bin directory with all the other CLIs. The CLI script is called <b>kafka-acls.sh</b>. Following lists all the options that the script supports:
<p></p>
@@ -301,7 +301,7 @@ Kafka Authorization management CLI can be found under bin directory with all the
</tr>
<tr>
<td>--authorizer-properties</td>
- <td>comma separated key=val pairs that will be passed to authorizer for initialization.</td>
+ <td>key=val pairs that will be passed to authorizer for initialization. For the default authorizer the example values are: zookeeper.connect=localhost:2181</td>
<td></td>
<td>Configuration</td>
</tr>