You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2019/06/03 08:59:01 UTC
[pulsar] branch asf-site updated: Updated site at revision aa16934
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 27dfa86 Updated site at revision aa16934
27dfa86 is described below
commit 27dfa8626e5422bbdb4f15fe64d1c389d61289bc
Author: jenkins <bu...@apache.org>
AuthorDate: Mon Jun 3 08:58:52 2019 +0000
Updated site at revision aa16934
---
content/docs/en/next/reference-cli-tools.html | 8 +-
.../docs/en/next/reference-cli-tools/index.html | 8 +-
content/docs/en/next/security-kerberos.html | 22 ++--
content/docs/en/next/security-kerberos/index.html | 22 ++--
content/docs/fr/next/reference-cli-tools.html | 8 +-
.../docs/fr/next/reference-cli-tools/index.html | 8 +-
content/docs/fr/next/security-kerberos.html | 119 +++++++++++++--------
content/docs/fr/next/security-kerberos/index.html | 119 +++++++++++++--------
content/docs/ja/next/reference-cli-tools.html | 8 +-
.../docs/ja/next/reference-cli-tools/index.html | 8 +-
content/docs/ja/next/security-kerberos.html | 119 +++++++++++++--------
content/docs/ja/next/security-kerberos/index.html | 119 +++++++++++++--------
content/docs/zh-CN/next/reference-cli-tools.html | 8 +-
.../docs/zh-CN/next/reference-cli-tools/index.html | 8 +-
content/docs/zh-CN/next/security-kerberos.html | 119 +++++++++++++--------
.../docs/zh-CN/next/security-kerberos/index.html | 119 +++++++++++++--------
content/swagger/swagger.json | 30 +++---
content/swagger/swaggerfunctions.json | 28 ++---
18 files changed, 531 insertions(+), 349 deletions(-)
diff --git a/content/docs/en/next/reference-cli-tools.html b/content/docs/en/next/reference-cli-tools.html
index 77f5a3e..d032017 100644
--- a/content/docs/en/next/reference-cli-tools.html
+++ b/content/docs/en/next/reference-cli-tools.html
@@ -316,8 +316,8 @@
<tr><th>Flag</th><th>Description</th><th>Default</th></tr>
</thead>
<tbody>
-<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td></td></tr>
-<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td></td></tr>
+<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td>{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}</td></tr>
+<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td>org.apache.pulsar.client.impl.auth.AuthenticationSasl</td></tr>
<tr><td><code>--url</code></td><td>Broker URL to which to connect</td><td><a href="pulsar://localhost:6650/">pulsar://localhost:6650/</a></td></tr>
</tbody>
</table>
@@ -350,10 +350,10 @@
</thead>
<tbody>
<tr><td><code>--hex</code></td><td>Display binary messages in hexadecimal format.</td><td>false</td></tr>
-<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>0</td></tr>
+<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>1</td></tr>
<tr><td><code>-r</code>, <code>--rate</code></td><td>Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible</td><td>0.0</td></tr>
<tr><td><code>-s</code>, <code>--subscription-name</code></td><td>Subscription name</td><td></td></tr>
-<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover.</td><td>Exclusive</td></tr>
+<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.</td><td>Exclusive</td></tr>
</tbody>
</table>
<h2><a class="anchor" aria-hidden="true" id="pulsar-daemon"></a><a href="#pulsar-daemon" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.8 [...]
diff --git a/content/docs/en/next/reference-cli-tools/index.html b/content/docs/en/next/reference-cli-tools/index.html
index 77f5a3e..d032017 100644
--- a/content/docs/en/next/reference-cli-tools/index.html
+++ b/content/docs/en/next/reference-cli-tools/index.html
@@ -316,8 +316,8 @@
<tr><th>Flag</th><th>Description</th><th>Default</th></tr>
</thead>
<tbody>
-<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td></td></tr>
-<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td></td></tr>
+<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td>{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}</td></tr>
+<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td>org.apache.pulsar.client.impl.auth.AuthenticationSasl</td></tr>
<tr><td><code>--url</code></td><td>Broker URL to which to connect</td><td><a href="pulsar://localhost:6650/">pulsar://localhost:6650/</a></td></tr>
</tbody>
</table>
@@ -350,10 +350,10 @@
</thead>
<tbody>
<tr><td><code>--hex</code></td><td>Display binary messages in hexadecimal format.</td><td>false</td></tr>
-<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>0</td></tr>
+<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>1</td></tr>
<tr><td><code>-r</code>, <code>--rate</code></td><td>Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible</td><td>0.0</td></tr>
<tr><td><code>-s</code>, <code>--subscription-name</code></td><td>Subscription name</td><td></td></tr>
-<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover.</td><td>Exclusive</td></tr>
+<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.</td><td>Exclusive</td></tr>
</tbody>
</table>
<h2><a class="anchor" aria-hidden="true" id="pulsar-daemon"></a><a href="#pulsar-daemon" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.8 [...]
diff --git a/content/docs/en/next/security-kerberos.html b/content/docs/en/next/security-kerberos.html
index 363f834..868d8c2 100644
--- a/content/docs/en/next/security-kerberos.html
+++ b/content/docs/en/next/security-kerberos.html
@@ -177,9 +177,9 @@ and the location of the keytab where the principal is stored. It allows the clie
<pre><code class="hljs css language-java">System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
-Map<String, String> clientSaslConfig = Maps.newHashMap();
-clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
-clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
+Map<String, String> authParams = Maps.newHashMap();
+authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -189,6 +189,11 @@ PulsarClient client = PulsarClient.builder()
.authentication(saslAuth)
.build();
</code></pre>
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">java -cp -Djava<span class="hljs-selector-class">.security</span><span class="hljs-selector-class">.auth</span><span class="hljs-selector-class">.login</span><span class="hljs-selector-class">.config</span>=/etc/pulsar/pulsar_jaas<span class="hljs-selector-class">.conf</span> -Djava<span class="hljs-selector-class">.security</span><span class="hljs-selector-class">.krb5</span><span class="hljs-selector-class">.conf</span>=/etc/pulsar/krb5<span class="hljs-selector [...]
+</code></pre>
<p>Make sure that the keytabs configured in the <code>pulsar_jaas.conf</code> file and kdc server in the <code>krb5.conf</code> file are reachable by the operating system user who is starting pulsar client.</p>
<p>If you are using command line, you can continue with these step:</p>
<ol>
@@ -254,9 +259,9 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
<pre><code class="hljs css language-java">System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
-Map<String, String> clientSaslConfig = Maps.newHashMap();
-clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
-clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
+Map<String, String> authParams = Maps.newHashMap();
+authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -266,6 +271,11 @@ PulsarClient client = PulsarClient.builder()
.authentication(saslAuth)
.build();
</code></pre>
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">java -cp -Djava<span class="hljs-selector-class">.security</span><span class="hljs-selector-class">.auth</span><span class="hljs-selector-class">.login</span><span class="hljs-selector-class">.config</span>=/etc/pulsar/pulsar_jaas<span class="hljs-selector-class">.conf</span> -Djava<span class="hljs-selector-class">.security</span><span class="hljs-selector-class">.krb5</span><span class="hljs-selector-class">.conf</span>=/etc/pulsar/krb5<span class="hljs-selector [...]
+</code></pre>
<h3><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-pulsar-proxy-service"></a><a href="#kerberos-configuration-for-pulsar-proxy-service" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9 [...]
<p>In the <code>proxy.conf</code> file, set Kerberos related configuration. Here is an example:</p>
<pre><code class="hljs css language-shell"><span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment"># related to authenticate client.</span></span>
diff --git a/content/docs/en/next/security-kerberos/index.html b/content/docs/en/next/security-kerberos/index.html
index 363f834..868d8c2 100644
--- a/content/docs/en/next/security-kerberos/index.html
+++ b/content/docs/en/next/security-kerberos/index.html
@@ -177,9 +177,9 @@ and the location of the keytab where the principal is stored. It allows the clie
<pre><code class="hljs css language-java">System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
-Map<String, String> clientSaslConfig = Maps.newHashMap();
-clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
-clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
+Map<String, String> authParams = Maps.newHashMap();
+authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -189,6 +189,11 @@ PulsarClient client = PulsarClient.builder()
.authentication(saslAuth)
.build();
</code></pre>
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">java -cp -Djava<span class="hljs-selector-class">.security</span><span class="hljs-selector-class">.auth</span><span class="hljs-selector-class">.login</span><span class="hljs-selector-class">.config</span>=/etc/pulsar/pulsar_jaas<span class="hljs-selector-class">.conf</span> -Djava<span class="hljs-selector-class">.security</span><span class="hljs-selector-class">.krb5</span><span class="hljs-selector-class">.conf</span>=/etc/pulsar/krb5<span class="hljs-selector [...]
+</code></pre>
<p>Make sure that the keytabs configured in the <code>pulsar_jaas.conf</code> file and kdc server in the <code>krb5.conf</code> file are reachable by the operating system user who is starting pulsar client.</p>
<p>If you are using command line, you can continue with these step:</p>
<ol>
@@ -254,9 +259,9 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
<pre><code class="hljs css language-java">System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
-Map<String, String> clientSaslConfig = Maps.newHashMap();
-clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
-clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
+Map<String, String> authParams = Maps.newHashMap();
+authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -266,6 +271,11 @@ PulsarClient client = PulsarClient.builder()
.authentication(saslAuth)
.build();
</code></pre>
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">java -cp -Djava<span class="hljs-selector-class">.security</span><span class="hljs-selector-class">.auth</span><span class="hljs-selector-class">.login</span><span class="hljs-selector-class">.config</span>=/etc/pulsar/pulsar_jaas<span class="hljs-selector-class">.conf</span> -Djava<span class="hljs-selector-class">.security</span><span class="hljs-selector-class">.krb5</span><span class="hljs-selector-class">.conf</span>=/etc/pulsar/krb5<span class="hljs-selector [...]
+</code></pre>
<h3><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-pulsar-proxy-service"></a><a href="#kerberos-configuration-for-pulsar-proxy-service" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9 [...]
<p>In the <code>proxy.conf</code> file, set Kerberos related configuration. Here is an example:</p>
<pre><code class="hljs css language-shell"><span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment"># related to authenticate client.</span></span>
diff --git a/content/docs/fr/next/reference-cli-tools.html b/content/docs/fr/next/reference-cli-tools.html
index 6b7a73c..82e21f2 100644
--- a/content/docs/fr/next/reference-cli-tools.html
+++ b/content/docs/fr/next/reference-cli-tools.html
@@ -305,8 +305,8 @@ $ pulsar command
<tr><th>Flag</th><th>Description</th><th>Default</th></tr>
</thead>
<tbody>
-<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td></td></tr>
-<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td></td></tr>
+<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td>{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}</td></tr>
+<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td>org.apache.pulsar.client.impl.auth.AuthenticationSasl</td></tr>
<tr><td><code>--url</code></td><td>Broker URL to which to connect</td><td><a href="pulsar://localhost:6650/">pulsar://localhost:6650/</a></td></tr>
</tbody>
</table>
@@ -339,10 +339,10 @@ $ pulsar command
</thead>
<tbody>
<tr><td><code>--hex</code></td><td>Display binary messages in hexadecimal format.</td><td>false</td></tr>
-<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>0</td></tr>
+<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>1</td></tr>
<tr><td><code>-r</code>, <code>--rate</code></td><td>Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible</td><td>0.0</td></tr>
<tr><td><code>-s</code>, <code>--subscription-name</code></td><td>Subscription name</td><td></td></tr>
-<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover.</td><td>Exclusive</td></tr>
+<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.</td><td>Exclusive</td></tr>
</tbody>
</table>
<h2><a class="anchor" aria-hidden="true" id="pulsar-daemon"></a><a href="#pulsar-daemon" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.8 [...]
diff --git a/content/docs/fr/next/reference-cli-tools/index.html b/content/docs/fr/next/reference-cli-tools/index.html
index 6b7a73c..82e21f2 100644
--- a/content/docs/fr/next/reference-cli-tools/index.html
+++ b/content/docs/fr/next/reference-cli-tools/index.html
@@ -305,8 +305,8 @@ $ pulsar command
<tr><th>Flag</th><th>Description</th><th>Default</th></tr>
</thead>
<tbody>
-<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td></td></tr>
-<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td></td></tr>
+<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td>{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}</td></tr>
+<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td>org.apache.pulsar.client.impl.auth.AuthenticationSasl</td></tr>
<tr><td><code>--url</code></td><td>Broker URL to which to connect</td><td><a href="pulsar://localhost:6650/">pulsar://localhost:6650/</a></td></tr>
</tbody>
</table>
@@ -339,10 +339,10 @@ $ pulsar command
</thead>
<tbody>
<tr><td><code>--hex</code></td><td>Display binary messages in hexadecimal format.</td><td>false</td></tr>
-<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>0</td></tr>
+<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>1</td></tr>
<tr><td><code>-r</code>, <code>--rate</code></td><td>Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible</td><td>0.0</td></tr>
<tr><td><code>-s</code>, <code>--subscription-name</code></td><td>Subscription name</td><td></td></tr>
-<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover.</td><td>Exclusive</td></tr>
+<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.</td><td>Exclusive</td></tr>
</tbody>
</table>
<h2><a class="anchor" aria-hidden="true" id="pulsar-daemon"></a><a href="#pulsar-daemon" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.8 [...]
diff --git a/content/docs/fr/next/security-kerberos.html b/content/docs/fr/next/security-kerberos.html
index 8a38223..cb1cb66 100644
--- a/content/docs/fr/next/security-kerberos.html
+++ b/content/docs/fr/next/security-kerberos.html
@@ -173,9 +173,9 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -185,18 +185,26 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
.authentication(saslAuth)
.build();
</code></pre>
-<p>Make sure that the keytabs configured in the <code>pulsar_jaas.conf</code> file and kdc server in the <code>krb5.conf</code> file are reachable by the operating system user who is starting pulsar client.</p>
-<p>If you are using command line, you can continue with these step:</p>
-<ol>
-<li>Config your <code>client.conf</code>:</li>
-</ol>
-<pre><code class="hljs css language-shell">authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-authParams={"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}
-</code></pre>
-<ol start="2">
-<li>Set JVM parameter for JAAS configuration file and krb5 configuration file with additional option.</li>
-</ol>
-<pre><code class="hljs css language-shell"> -Djava.security.auth.login.config=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.conf=/etc/pulsar/krb5.conf
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />Make sure that the keytabs configured <span class="hljs-keyword">in</span> the `pulsar_jaas.conf` file <span class="hljs-keyword">and</span> kdc<span class="hljs-built_in"> server </span><span class="hljs-keyword">in</span> the `krb5.conf` file are reachable by the operating<span class="hljs-built_in"> system user </span>who is starting pulsar client.
+
+ <span class="hljs-keyword">If</span> you are using command line, you can continue with these <span class="hljs-keyword">step</span>:
+
+ 1.<span class="hljs-built_in"> Config </span>your `client.conf`:
+ ```shell
+ <span class="hljs-attribute">authPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ authParams={<span class="hljs-string">"saslJaasClientSectionName"</span>:<span class="hljs-string">"PulsarClient"</span>, <span class="hljs-string">"serverType"</span>:<span class="hljs-string">"broker"</span>}
+
+
+2. <span class="hljs-builtin-name">Set</span> JVM parameter <span class="hljs-keyword">for</span> JAAS configuration file <span class="hljs-keyword">and</span> krb5 configuration file with additional option.
+
+```shell
+ -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf
</code></pre>
<p>You can add this at the end of <code>PULSAR_EXTRA_OPTS</code> in the file <a href="https://github.com/apache/pulsar/blob/master/conf/pulsar_tools_env.sh"><code>pulsar_tools_env.sh</code></a></p>
<h2><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-working-with-pulsar-proxy"></a><a href="#kerberos-configuration-for-working-with-pulsar-proxy" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S [...]
@@ -250,9 +258,9 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -262,40 +270,59 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
.authentication(saslAuth)
.build();
</code></pre>
-<h3><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-pulsar-proxy-service"></a><a href="#kerberos-configuration-for-pulsar-proxy-service" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9 [...]
-<p>In the <code>proxy.conf</code> file, set Kerberos related configuration. Here is an example:</p>
-<pre><code class="hljs css language-shell"><span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment"># related to authenticate client.</span></span>
-authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarProxy
-<span class="hljs-meta">
-#</span><span class="bash"><span class="hljs-comment"># related to be authenticated by broker</span></span>
-brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-brokerClientAuthenticationParameters=saslJaasClientSectionName:PulsarProxy,serverType:broker
-forwardAuthorizationCredentials=true
-</code></pre>
-<p>The first part is related to authenticate between client and Pulsar Proxy. In this phase, client works as SASL client, while Pulsar Proxy works as SASL server.</p>
-<p>The second part is related to authenticate between Pulsar Proxy and Pulsar Broker. In this phase, Pulsar Proxy works as SASL client, while Pulsar Broker works as SASL server.</p>
-<h3><a class="anchor" aria-hidden="true" id="broker-side-configuration"></a><a href="#broker-side-configuration" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c [...]
-<p>The broker side configuration file is the same with the above <code>broker.conf</code>, you do not need special configuration for Pulsar Proxy.</p>
-<pre><code class="hljs">authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarBroker
-</code></pre>
-<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-and-role-token"></a><a href="#regarding-authorization-and-role-token" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1. [...]
-<p>For Kerberos authentication, the authenticated principal is used as the role token for Pulsar authorization. For more information of authorization in Pulsar, see <a href="/docs/fr/next/security-authorization">security authorization</a>.</p>
-<p>If you enabled authorizationEnabled you need set <code>superUserRoles</code> in <code>broker.conf</code> that corresponding to the name registered in kdc</p>
-<p>For example:</p>
-<pre><code class="hljs css language-bash">superUserRoles=client/{clientIp}@EXAMPLE.COM
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />### Kerberos configuration <span class="hljs-keyword">for</span> Pulsar<span class="hljs-built_in"> Proxy service
+</span>
+ <span class="hljs-keyword">In</span> the `proxy.conf` file, <span class="hljs-builtin-name">set</span> Kerberos related configuration. Here is an example:
+ ```shell
+ ## related <span class="hljs-keyword">to</span> authenticate client.
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarProxy
+
+ ## related <span class="hljs-keyword">to</span> be authenticated by broker
+ <span class="hljs-attribute">brokerClientAuthenticationPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ <span class="hljs-attribute">brokerClientAuthenticationParameters</span>=saslJaasClientSectionName:PulsarProxy,serverType:broker
+ <span class="hljs-attribute">forwardAuthorizationCredentials</span>=<span class="hljs-literal">true</span>
+
+
+The first part is related <span class="hljs-keyword">to</span> authenticate between<span class="hljs-built_in"> client </span><span class="hljs-keyword">and</span> Pulsar Proxy. <span class="hljs-keyword">In</span> this phase,<span class="hljs-built_in"> client </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL server.
+
+The second part is related <span class="hljs-keyword">to</span> authenticate between Pulsar<span class="hljs-built_in"> Proxy </span><span class="hljs-keyword">and</span> Pulsar Broker. <span class="hljs-keyword">In</span> this phase, Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar Broker works as SASL server.
+
+<span class="hljs-comment">### Broker side configuration.</span>
+
+The broker side configuration file is the same with the above `broker.conf`, you <span class="hljs-keyword">do</span> <span class="hljs-keyword">not</span> need special configuration <span class="hljs-keyword">for</span> Pulsar Proxy.
+
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarBroker
+
+
+<span class="hljs-comment">## Regarding authorization and role token</span>
+
+<span class="hljs-keyword">For</span> Kerberos authentication, the authenticated principal is used as the role token <span class="hljs-keyword">for</span> Pulsar authorization. <span class="hljs-keyword">For</span> more information of authorization <span class="hljs-keyword">in</span> Pulsar, see [security authorization](/docs/fr/next/security-authorization).
+
+<span class="hljs-keyword">If</span> you enabled authorizationEnabled you need <span class="hljs-builtin-name">set</span> `superUserRoles` <span class="hljs-keyword">in</span> `broker.conf` that corresponding <span class="hljs-keyword">to</span> the name registered <span class="hljs-keyword">in</span> kdc
+
+<span class="hljs-keyword">For</span> example:
+
+```bash
+<span class="hljs-attribute">superUserRoles</span>=client/{clientIp}@EXAMPLE.COM
</code></pre>
<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-between-bookkeeper-and-zookeeper"></a><a href="#regarding-authorization-between-bookkeeper-and-zookeeper" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.2 [...]
<p>Adding <code>bookkeeperClientAuthenticationPlugin</code> parameter in <code>broker.conf</code> is a prerequisite for Broker (as a Kerberos client) being authenticated by Bookie (as a Kerberos Server):</p>
<pre><code class="hljs">bookkeeperClientAuthenticationPlugin=org.apache.bookkeeper.sasl.SASLClientProviderFactory
</code></pre>
<p>For more details of how to configure Kerberos for BookKeeper and Zookeeper, refer to <a href="http://bookkeeper.apache.org/docs/latest/security/sasl/">BookKeeper document</a>.</p>
-</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/fr/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/fr/next/security-authorization"><span>Authorization and ACLs</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configuration [...]
+</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/fr/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/fr/next/security-authorization"><span>Authorization and ACLs</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configuration [...]
const community = document.querySelector("a[href='#community']").parentNode;
const communityMenu =
'<li>' +
diff --git a/content/docs/fr/next/security-kerberos/index.html b/content/docs/fr/next/security-kerberos/index.html
index 8a38223..cb1cb66 100644
--- a/content/docs/fr/next/security-kerberos/index.html
+++ b/content/docs/fr/next/security-kerberos/index.html
@@ -173,9 +173,9 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -185,18 +185,26 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
.authentication(saslAuth)
.build();
</code></pre>
-<p>Make sure that the keytabs configured in the <code>pulsar_jaas.conf</code> file and kdc server in the <code>krb5.conf</code> file are reachable by the operating system user who is starting pulsar client.</p>
-<p>If you are using command line, you can continue with these step:</p>
-<ol>
-<li>Config your <code>client.conf</code>:</li>
-</ol>
-<pre><code class="hljs css language-shell">authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-authParams={"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}
-</code></pre>
-<ol start="2">
-<li>Set JVM parameter for JAAS configuration file and krb5 configuration file with additional option.</li>
-</ol>
-<pre><code class="hljs css language-shell"> -Djava.security.auth.login.config=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.conf=/etc/pulsar/krb5.conf
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />Make sure that the keytabs configured <span class="hljs-keyword">in</span> the `pulsar_jaas.conf` file <span class="hljs-keyword">and</span> kdc<span class="hljs-built_in"> server </span><span class="hljs-keyword">in</span> the `krb5.conf` file are reachable by the operating<span class="hljs-built_in"> system user </span>who is starting pulsar client.
+
+ <span class="hljs-keyword">If</span> you are using command line, you can continue with these <span class="hljs-keyword">step</span>:
+
+ 1.<span class="hljs-built_in"> Config </span>your `client.conf`:
+ ```shell
+ <span class="hljs-attribute">authPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ authParams={<span class="hljs-string">"saslJaasClientSectionName"</span>:<span class="hljs-string">"PulsarClient"</span>, <span class="hljs-string">"serverType"</span>:<span class="hljs-string">"broker"</span>}
+
+
+2. <span class="hljs-builtin-name">Set</span> JVM parameter <span class="hljs-keyword">for</span> JAAS configuration file <span class="hljs-keyword">and</span> krb5 configuration file with additional option.
+
+```shell
+ -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf
</code></pre>
<p>You can add this at the end of <code>PULSAR_EXTRA_OPTS</code> in the file <a href="https://github.com/apache/pulsar/blob/master/conf/pulsar_tools_env.sh"><code>pulsar_tools_env.sh</code></a></p>
<h2><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-working-with-pulsar-proxy"></a><a href="#kerberos-configuration-for-working-with-pulsar-proxy" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S [...]
@@ -250,9 +258,9 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -262,40 +270,59 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
.authentication(saslAuth)
.build();
</code></pre>
-<h3><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-pulsar-proxy-service"></a><a href="#kerberos-configuration-for-pulsar-proxy-service" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9 [...]
-<p>In the <code>proxy.conf</code> file, set Kerberos related configuration. Here is an example:</p>
-<pre><code class="hljs css language-shell"><span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment"># related to authenticate client.</span></span>
-authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarProxy
-<span class="hljs-meta">
-#</span><span class="bash"><span class="hljs-comment"># related to be authenticated by broker</span></span>
-brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-brokerClientAuthenticationParameters=saslJaasClientSectionName:PulsarProxy,serverType:broker
-forwardAuthorizationCredentials=true
-</code></pre>
-<p>The first part is related to authenticate between client and Pulsar Proxy. In this phase, client works as SASL client, while Pulsar Proxy works as SASL server.</p>
-<p>The second part is related to authenticate between Pulsar Proxy and Pulsar Broker. In this phase, Pulsar Proxy works as SASL client, while Pulsar Broker works as SASL server.</p>
-<h3><a class="anchor" aria-hidden="true" id="broker-side-configuration"></a><a href="#broker-side-configuration" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c [...]
-<p>The broker side configuration file is the same with the above <code>broker.conf</code>, you do not need special configuration for Pulsar Proxy.</p>
-<pre><code class="hljs">authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarBroker
-</code></pre>
-<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-and-role-token"></a><a href="#regarding-authorization-and-role-token" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1. [...]
-<p>For Kerberos authentication, the authenticated principal is used as the role token for Pulsar authorization. For more information of authorization in Pulsar, see <a href="/docs/fr/next/security-authorization">security authorization</a>.</p>
-<p>If you enabled authorizationEnabled you need set <code>superUserRoles</code> in <code>broker.conf</code> that corresponding to the name registered in kdc</p>
-<p>For example:</p>
-<pre><code class="hljs css language-bash">superUserRoles=client/{clientIp}@EXAMPLE.COM
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />### Kerberos configuration <span class="hljs-keyword">for</span> Pulsar<span class="hljs-built_in"> Proxy service
+</span>
+ <span class="hljs-keyword">In</span> the `proxy.conf` file, <span class="hljs-builtin-name">set</span> Kerberos related configuration. Here is an example:
+ ```shell
+ ## related <span class="hljs-keyword">to</span> authenticate client.
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarProxy
+
+ ## related <span class="hljs-keyword">to</span> be authenticated by broker
+ <span class="hljs-attribute">brokerClientAuthenticationPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ <span class="hljs-attribute">brokerClientAuthenticationParameters</span>=saslJaasClientSectionName:PulsarProxy,serverType:broker
+ <span class="hljs-attribute">forwardAuthorizationCredentials</span>=<span class="hljs-literal">true</span>
+
+
+The first part is related <span class="hljs-keyword">to</span> authenticate between<span class="hljs-built_in"> client </span><span class="hljs-keyword">and</span> Pulsar Proxy. <span class="hljs-keyword">In</span> this phase,<span class="hljs-built_in"> client </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL server.
+
+The second part is related <span class="hljs-keyword">to</span> authenticate between Pulsar<span class="hljs-built_in"> Proxy </span><span class="hljs-keyword">and</span> Pulsar Broker. <span class="hljs-keyword">In</span> this phase, Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar Broker works as SASL server.
+
+<span class="hljs-comment">### Broker side configuration.</span>
+
+The broker side configuration file is the same with the above `broker.conf`, you <span class="hljs-keyword">do</span> <span class="hljs-keyword">not</span> need special configuration <span class="hljs-keyword">for</span> Pulsar Proxy.
+
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarBroker
+
+
+<span class="hljs-comment">## Regarding authorization and role token</span>
+
+<span class="hljs-keyword">For</span> Kerberos authentication, the authenticated principal is used as the role token <span class="hljs-keyword">for</span> Pulsar authorization. <span class="hljs-keyword">For</span> more information of authorization <span class="hljs-keyword">in</span> Pulsar, see [security authorization](/docs/fr/next/security-authorization).
+
+<span class="hljs-keyword">If</span> you enabled authorizationEnabled you need <span class="hljs-builtin-name">set</span> `superUserRoles` <span class="hljs-keyword">in</span> `broker.conf` that corresponding <span class="hljs-keyword">to</span> the name registered <span class="hljs-keyword">in</span> kdc
+
+<span class="hljs-keyword">For</span> example:
+
+```bash
+<span class="hljs-attribute">superUserRoles</span>=client/{clientIp}@EXAMPLE.COM
</code></pre>
<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-between-bookkeeper-and-zookeeper"></a><a href="#regarding-authorization-between-bookkeeper-and-zookeeper" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.2 [...]
<p>Adding <code>bookkeeperClientAuthenticationPlugin</code> parameter in <code>broker.conf</code> is a prerequisite for Broker (as a Kerberos client) being authenticated by Bookie (as a Kerberos Server):</p>
<pre><code class="hljs">bookkeeperClientAuthenticationPlugin=org.apache.bookkeeper.sasl.SASLClientProviderFactory
</code></pre>
<p>For more details of how to configure Kerberos for BookKeeper and Zookeeper, refer to <a href="http://bookkeeper.apache.org/docs/latest/security/sasl/">BookKeeper document</a>.</p>
-</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/fr/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/fr/next/security-authorization"><span>Authorization and ACLs</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configuration [...]
+</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/fr/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/fr/next/security-authorization"><span>Authorization and ACLs</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configuration [...]
const community = document.querySelector("a[href='#community']").parentNode;
const communityMenu =
'<li>' +
diff --git a/content/docs/ja/next/reference-cli-tools.html b/content/docs/ja/next/reference-cli-tools.html
index 499eeda..b6bf217 100644
--- a/content/docs/ja/next/reference-cli-tools.html
+++ b/content/docs/ja/next/reference-cli-tools.html
@@ -305,8 +305,8 @@ $ pulsar command
<tr><th>Flag</th><th>Description</th><th>Default</th></tr>
</thead>
<tbody>
-<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td></td></tr>
-<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td></td></tr>
+<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td>{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}</td></tr>
+<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td>org.apache.pulsar.client.impl.auth.AuthenticationSasl</td></tr>
<tr><td><code>--url</code></td><td>Broker URL to which to connect</td><td><a href="pulsar://localhost:6650/">pulsar://localhost:6650/</a></td></tr>
</tbody>
</table>
@@ -339,10 +339,10 @@ $ pulsar command
</thead>
<tbody>
<tr><td><code>--hex</code></td><td>Display binary messages in hexadecimal format.</td><td>false</td></tr>
-<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>0</td></tr>
+<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>1</td></tr>
<tr><td><code>-r</code>, <code>--rate</code></td><td>Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible</td><td>0.0</td></tr>
<tr><td><code>-s</code>, <code>--subscription-name</code></td><td>Subscription name</td><td></td></tr>
-<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover.</td><td>Exclusive</td></tr>
+<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.</td><td>Exclusive</td></tr>
</tbody>
</table>
<h2><a class="anchor" aria-hidden="true" id="pulsar-daemon"></a><a href="#pulsar-daemon" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.8 [...]
diff --git a/content/docs/ja/next/reference-cli-tools/index.html b/content/docs/ja/next/reference-cli-tools/index.html
index 499eeda..b6bf217 100644
--- a/content/docs/ja/next/reference-cli-tools/index.html
+++ b/content/docs/ja/next/reference-cli-tools/index.html
@@ -305,8 +305,8 @@ $ pulsar command
<tr><th>Flag</th><th>Description</th><th>Default</th></tr>
</thead>
<tbody>
-<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td></td></tr>
-<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td></td></tr>
+<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td>{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}</td></tr>
+<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td>org.apache.pulsar.client.impl.auth.AuthenticationSasl</td></tr>
<tr><td><code>--url</code></td><td>Broker URL to which to connect</td><td><a href="pulsar://localhost:6650/">pulsar://localhost:6650/</a></td></tr>
</tbody>
</table>
@@ -339,10 +339,10 @@ $ pulsar command
</thead>
<tbody>
<tr><td><code>--hex</code></td><td>Display binary messages in hexadecimal format.</td><td>false</td></tr>
-<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>0</td></tr>
+<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>1</td></tr>
<tr><td><code>-r</code>, <code>--rate</code></td><td>Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible</td><td>0.0</td></tr>
<tr><td><code>-s</code>, <code>--subscription-name</code></td><td>Subscription name</td><td></td></tr>
-<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover.</td><td>Exclusive</td></tr>
+<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.</td><td>Exclusive</td></tr>
</tbody>
</table>
<h2><a class="anchor" aria-hidden="true" id="pulsar-daemon"></a><a href="#pulsar-daemon" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.8 [...]
diff --git a/content/docs/ja/next/security-kerberos.html b/content/docs/ja/next/security-kerberos.html
index 38ea323..dc1b847 100644
--- a/content/docs/ja/next/security-kerberos.html
+++ b/content/docs/ja/next/security-kerberos.html
@@ -173,9 +173,9 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -185,18 +185,26 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
.authentication(saslAuth)
.build();
</code></pre>
-<p>Make sure that the keytabs configured in the <code>pulsar_jaas.conf</code> file and kdc server in the <code>krb5.conf</code> file are reachable by the operating system user who is starting pulsar client.</p>
-<p>If you are using command line, you can continue with these step:</p>
-<ol>
-<li>Config your <code>client.conf</code>:</li>
-</ol>
-<pre><code class="hljs css language-shell">authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-authParams={"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}
-</code></pre>
-<ol start="2">
-<li>Set JVM parameter for JAAS configuration file and krb5 configuration file with additional option.</li>
-</ol>
-<pre><code class="hljs css language-shell"> -Djava.security.auth.login.config=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.conf=/etc/pulsar/krb5.conf
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />Make sure that the keytabs configured <span class="hljs-keyword">in</span> the `pulsar_jaas.conf` file <span class="hljs-keyword">and</span> kdc<span class="hljs-built_in"> server </span><span class="hljs-keyword">in</span> the `krb5.conf` file are reachable by the operating<span class="hljs-built_in"> system user </span>who is starting pulsar client.
+
+ <span class="hljs-keyword">If</span> you are using command line, you can continue with these <span class="hljs-keyword">step</span>:
+
+ 1.<span class="hljs-built_in"> Config </span>your `client.conf`:
+ ```shell
+ <span class="hljs-attribute">authPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ authParams={<span class="hljs-string">"saslJaasClientSectionName"</span>:<span class="hljs-string">"PulsarClient"</span>, <span class="hljs-string">"serverType"</span>:<span class="hljs-string">"broker"</span>}
+
+
+2. <span class="hljs-builtin-name">Set</span> JVM parameter <span class="hljs-keyword">for</span> JAAS configuration file <span class="hljs-keyword">and</span> krb5 configuration file with additional option.
+
+```shell
+ -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf
</code></pre>
<p>You can add this at the end of <code>PULSAR_EXTRA_OPTS</code> in the file <a href="https://github.com/apache/pulsar/blob/master/conf/pulsar_tools_env.sh"><code>pulsar_tools_env.sh</code></a></p>
<h2><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-working-with-pulsar-proxy"></a><a href="#kerberos-configuration-for-working-with-pulsar-proxy" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S [...]
@@ -250,9 +258,9 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -262,40 +270,59 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
.authentication(saslAuth)
.build();
</code></pre>
-<h3><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-pulsar-proxy-service"></a><a href="#kerberos-configuration-for-pulsar-proxy-service" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9 [...]
-<p>In the <code>proxy.conf</code> file, set Kerberos related configuration. Here is an example:</p>
-<pre><code class="hljs css language-shell"><span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment"># related to authenticate client.</span></span>
-authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarProxy
-<span class="hljs-meta">
-#</span><span class="bash"><span class="hljs-comment"># related to be authenticated by broker</span></span>
-brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-brokerClientAuthenticationParameters=saslJaasClientSectionName:PulsarProxy,serverType:broker
-forwardAuthorizationCredentials=true
-</code></pre>
-<p>The first part is related to authenticate between client and Pulsar Proxy. In this phase, client works as SASL client, while Pulsar Proxy works as SASL server.</p>
-<p>The second part is related to authenticate between Pulsar Proxy and Pulsar Broker. In this phase, Pulsar Proxy works as SASL client, while Pulsar Broker works as SASL server.</p>
-<h3><a class="anchor" aria-hidden="true" id="broker-side-configuration"></a><a href="#broker-side-configuration" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c [...]
-<p>The broker side configuration file is the same with the above <code>broker.conf</code>, you do not need special configuration for Pulsar Proxy.</p>
-<pre><code class="hljs">authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarBroker
-</code></pre>
-<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-and-role-token"></a><a href="#regarding-authorization-and-role-token" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1. [...]
-<p>For Kerberos authentication, the authenticated principal is used as the role token for Pulsar authorization. For more information of authorization in Pulsar, see <a href="/docs/ja/next/security-authorization">security authorization</a>.</p>
-<p>If you enabled authorizationEnabled you need set <code>superUserRoles</code> in <code>broker.conf</code> that corresponding to the name registered in kdc</p>
-<p>For example:</p>
-<pre><code class="hljs css language-bash">superUserRoles=client/{clientIp}@EXAMPLE.COM
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />### Kerberos configuration <span class="hljs-keyword">for</span> Pulsar<span class="hljs-built_in"> Proxy service
+</span>
+ <span class="hljs-keyword">In</span> the `proxy.conf` file, <span class="hljs-builtin-name">set</span> Kerberos related configuration. Here is an example:
+ ```shell
+ ## related <span class="hljs-keyword">to</span> authenticate client.
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarProxy
+
+ ## related <span class="hljs-keyword">to</span> be authenticated by broker
+ <span class="hljs-attribute">brokerClientAuthenticationPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ <span class="hljs-attribute">brokerClientAuthenticationParameters</span>=saslJaasClientSectionName:PulsarProxy,serverType:broker
+ <span class="hljs-attribute">forwardAuthorizationCredentials</span>=<span class="hljs-literal">true</span>
+
+
+The first part is related <span class="hljs-keyword">to</span> authenticate between<span class="hljs-built_in"> client </span><span class="hljs-keyword">and</span> Pulsar Proxy. <span class="hljs-keyword">In</span> this phase,<span class="hljs-built_in"> client </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL server.
+
+The second part is related <span class="hljs-keyword">to</span> authenticate between Pulsar<span class="hljs-built_in"> Proxy </span><span class="hljs-keyword">and</span> Pulsar Broker. <span class="hljs-keyword">In</span> this phase, Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar Broker works as SASL server.
+
+<span class="hljs-comment">### Broker side configuration.</span>
+
+The broker side configuration file is the same with the above `broker.conf`, you <span class="hljs-keyword">do</span> <span class="hljs-keyword">not</span> need special configuration <span class="hljs-keyword">for</span> Pulsar Proxy.
+
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarBroker
+
+
+<span class="hljs-comment">## Regarding authorization and role token</span>
+
+<span class="hljs-keyword">For</span> Kerberos authentication, the authenticated principal is used as the role token <span class="hljs-keyword">for</span> Pulsar authorization. <span class="hljs-keyword">For</span> more information of authorization <span class="hljs-keyword">in</span> Pulsar, see [security authorization](/docs/ja/next/security-authorization).
+
+<span class="hljs-keyword">If</span> you enabled authorizationEnabled you need <span class="hljs-builtin-name">set</span> `superUserRoles` <span class="hljs-keyword">in</span> `broker.conf` that corresponding <span class="hljs-keyword">to</span> the name registered <span class="hljs-keyword">in</span> kdc
+
+<span class="hljs-keyword">For</span> example:
+
+```bash
+<span class="hljs-attribute">superUserRoles</span>=client/{clientIp}@EXAMPLE.COM
</code></pre>
<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-between-bookkeeper-and-zookeeper"></a><a href="#regarding-authorization-between-bookkeeper-and-zookeeper" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.2 [...]
<p>Adding <code>bookkeeperClientAuthenticationPlugin</code> parameter in <code>broker.conf</code> is a prerequisite for Broker (as a Kerberos client) being authenticated by Bookie (as a Kerberos Server):</p>
<pre><code class="hljs">bookkeeperClientAuthenticationPlugin=org.apache.bookkeeper.sasl.SASLClientProviderFactory
</code></pre>
<p>For more details of how to configure Kerberos for BookKeeper and Zookeeper, refer to <a href="http://bookkeeper.apache.org/docs/latest/security/sasl/">BookKeeper document</a>.</p>
-</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/ja/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/ja/next/security-authorization"><span>認可と ACL</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configuration for Kerberos be [...]
+</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/ja/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/ja/next/security-authorization"><span>認可と ACL</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configuration for Kerberos be [...]
const community = document.querySelector("a[href='#community']").parentNode;
const communityMenu =
'<li>' +
diff --git a/content/docs/ja/next/security-kerberos/index.html b/content/docs/ja/next/security-kerberos/index.html
index 38ea323..dc1b847 100644
--- a/content/docs/ja/next/security-kerberos/index.html
+++ b/content/docs/ja/next/security-kerberos/index.html
@@ -173,9 +173,9 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -185,18 +185,26 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
.authentication(saslAuth)
.build();
</code></pre>
-<p>Make sure that the keytabs configured in the <code>pulsar_jaas.conf</code> file and kdc server in the <code>krb5.conf</code> file are reachable by the operating system user who is starting pulsar client.</p>
-<p>If you are using command line, you can continue with these step:</p>
-<ol>
-<li>Config your <code>client.conf</code>:</li>
-</ol>
-<pre><code class="hljs css language-shell">authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-authParams={"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}
-</code></pre>
-<ol start="2">
-<li>Set JVM parameter for JAAS configuration file and krb5 configuration file with additional option.</li>
-</ol>
-<pre><code class="hljs css language-shell"> -Djava.security.auth.login.config=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.conf=/etc/pulsar/krb5.conf
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />Make sure that the keytabs configured <span class="hljs-keyword">in</span> the `pulsar_jaas.conf` file <span class="hljs-keyword">and</span> kdc<span class="hljs-built_in"> server </span><span class="hljs-keyword">in</span> the `krb5.conf` file are reachable by the operating<span class="hljs-built_in"> system user </span>who is starting pulsar client.
+
+ <span class="hljs-keyword">If</span> you are using command line, you can continue with these <span class="hljs-keyword">step</span>:
+
+ 1.<span class="hljs-built_in"> Config </span>your `client.conf`:
+ ```shell
+ <span class="hljs-attribute">authPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ authParams={<span class="hljs-string">"saslJaasClientSectionName"</span>:<span class="hljs-string">"PulsarClient"</span>, <span class="hljs-string">"serverType"</span>:<span class="hljs-string">"broker"</span>}
+
+
+2. <span class="hljs-builtin-name">Set</span> JVM parameter <span class="hljs-keyword">for</span> JAAS configuration file <span class="hljs-keyword">and</span> krb5 configuration file with additional option.
+
+```shell
+ -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf
</code></pre>
<p>You can add this at the end of <code>PULSAR_EXTRA_OPTS</code> in the file <a href="https://github.com/apache/pulsar/blob/master/conf/pulsar_tools_env.sh"><code>pulsar_tools_env.sh</code></a></p>
<h2><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-working-with-pulsar-proxy"></a><a href="#kerberos-configuration-for-working-with-pulsar-proxy" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S [...]
@@ -250,9 +258,9 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -262,40 +270,59 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
.authentication(saslAuth)
.build();
</code></pre>
-<h3><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-pulsar-proxy-service"></a><a href="#kerberos-configuration-for-pulsar-proxy-service" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9 [...]
-<p>In the <code>proxy.conf</code> file, set Kerberos related configuration. Here is an example:</p>
-<pre><code class="hljs css language-shell"><span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment"># related to authenticate client.</span></span>
-authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarProxy
-<span class="hljs-meta">
-#</span><span class="bash"><span class="hljs-comment"># related to be authenticated by broker</span></span>
-brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-brokerClientAuthenticationParameters=saslJaasClientSectionName:PulsarProxy,serverType:broker
-forwardAuthorizationCredentials=true
-</code></pre>
-<p>The first part is related to authenticate between client and Pulsar Proxy. In this phase, client works as SASL client, while Pulsar Proxy works as SASL server.</p>
-<p>The second part is related to authenticate between Pulsar Proxy and Pulsar Broker. In this phase, Pulsar Proxy works as SASL client, while Pulsar Broker works as SASL server.</p>
-<h3><a class="anchor" aria-hidden="true" id="broker-side-configuration"></a><a href="#broker-side-configuration" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c [...]
-<p>The broker side configuration file is the same with the above <code>broker.conf</code>, you do not need special configuration for Pulsar Proxy.</p>
-<pre><code class="hljs">authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarBroker
-</code></pre>
-<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-and-role-token"></a><a href="#regarding-authorization-and-role-token" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1. [...]
-<p>For Kerberos authentication, the authenticated principal is used as the role token for Pulsar authorization. For more information of authorization in Pulsar, see <a href="/docs/ja/next/security-authorization">security authorization</a>.</p>
-<p>If you enabled authorizationEnabled you need set <code>superUserRoles</code> in <code>broker.conf</code> that corresponding to the name registered in kdc</p>
-<p>For example:</p>
-<pre><code class="hljs css language-bash">superUserRoles=client/{clientIp}@EXAMPLE.COM
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />### Kerberos configuration <span class="hljs-keyword">for</span> Pulsar<span class="hljs-built_in"> Proxy service
+</span>
+ <span class="hljs-keyword">In</span> the `proxy.conf` file, <span class="hljs-builtin-name">set</span> Kerberos related configuration. Here is an example:
+ ```shell
+ ## related <span class="hljs-keyword">to</span> authenticate client.
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarProxy
+
+ ## related <span class="hljs-keyword">to</span> be authenticated by broker
+ <span class="hljs-attribute">brokerClientAuthenticationPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ <span class="hljs-attribute">brokerClientAuthenticationParameters</span>=saslJaasClientSectionName:PulsarProxy,serverType:broker
+ <span class="hljs-attribute">forwardAuthorizationCredentials</span>=<span class="hljs-literal">true</span>
+
+
+The first part is related <span class="hljs-keyword">to</span> authenticate between<span class="hljs-built_in"> client </span><span class="hljs-keyword">and</span> Pulsar Proxy. <span class="hljs-keyword">In</span> this phase,<span class="hljs-built_in"> client </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL server.
+
+The second part is related <span class="hljs-keyword">to</span> authenticate between Pulsar<span class="hljs-built_in"> Proxy </span><span class="hljs-keyword">and</span> Pulsar Broker. <span class="hljs-keyword">In</span> this phase, Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar Broker works as SASL server.
+
+<span class="hljs-comment">### Broker side configuration.</span>
+
+The broker side configuration file is the same with the above `broker.conf`, you <span class="hljs-keyword">do</span> <span class="hljs-keyword">not</span> need special configuration <span class="hljs-keyword">for</span> Pulsar Proxy.
+
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarBroker
+
+
+<span class="hljs-comment">## Regarding authorization and role token</span>
+
+<span class="hljs-keyword">For</span> Kerberos authentication, the authenticated principal is used as the role token <span class="hljs-keyword">for</span> Pulsar authorization. <span class="hljs-keyword">For</span> more information of authorization <span class="hljs-keyword">in</span> Pulsar, see [security authorization](/docs/ja/next/security-authorization).
+
+<span class="hljs-keyword">If</span> you enabled authorizationEnabled you need <span class="hljs-builtin-name">set</span> `superUserRoles` <span class="hljs-keyword">in</span> `broker.conf` that corresponding <span class="hljs-keyword">to</span> the name registered <span class="hljs-keyword">in</span> kdc
+
+<span class="hljs-keyword">For</span> example:
+
+```bash
+<span class="hljs-attribute">superUserRoles</span>=client/{clientIp}@EXAMPLE.COM
</code></pre>
<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-between-bookkeeper-and-zookeeper"></a><a href="#regarding-authorization-between-bookkeeper-and-zookeeper" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.2 [...]
<p>Adding <code>bookkeeperClientAuthenticationPlugin</code> parameter in <code>broker.conf</code> is a prerequisite for Broker (as a Kerberos client) being authenticated by Bookie (as a Kerberos Server):</p>
<pre><code class="hljs">bookkeeperClientAuthenticationPlugin=org.apache.bookkeeper.sasl.SASLClientProviderFactory
</code></pre>
<p>For more details of how to configure Kerberos for BookKeeper and Zookeeper, refer to <a href="http://bookkeeper.apache.org/docs/latest/security/sasl/">BookKeeper document</a>.</p>
-</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/ja/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/ja/next/security-authorization"><span>認可と ACL</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configuration for Kerberos be [...]
+</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/ja/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/ja/next/security-authorization"><span>認可と ACL</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configuration for Kerberos be [...]
const community = document.querySelector("a[href='#community']").parentNode;
const communityMenu =
'<li>' +
diff --git a/content/docs/zh-CN/next/reference-cli-tools.html b/content/docs/zh-CN/next/reference-cli-tools.html
index 0bbe1ed..a30136e 100644
--- a/content/docs/zh-CN/next/reference-cli-tools.html
+++ b/content/docs/zh-CN/next/reference-cli-tools.html
@@ -305,8 +305,8 @@ $ pulsar command
<tr><th>Flag</th><th>说明:</th><th>默认值</th></tr>
</thead>
<tbody>
-<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td></td></tr>
-<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td></td></tr>
+<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td>{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}</td></tr>
+<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td>org.apache.pulsar.client.impl.auth.AuthenticationSasl</td></tr>
<tr><td><code>--url</code></td><td>Broker URL to which to connect</td><td><a href="pulsar://localhost:6650/">pulsar://localhost:6650/</a></td></tr>
</tbody>
</table>
@@ -339,10 +339,10 @@ $ pulsar command
</thead>
<tbody>
<tr><td><code>--hex</code></td><td>Display binary messages in hexadecimal format.</td><td>false</td></tr>
-<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>0</td></tr>
+<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>1</td></tr>
<tr><td><code>-r</code>, <code>--rate</code></td><td>Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible</td><td>0.0</td></tr>
<tr><td><code>-s</code>, <code>--subscription-name</code></td><td>Subscription name</td><td></td></tr>
-<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover.</td><td>Exclusive</td></tr>
+<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.</td><td>Exclusive</td></tr>
</tbody>
</table>
<h2><a class="anchor" aria-hidden="true" id="pulsar-daemon"></a><a href="#pulsar-daemon" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.8 [...]
diff --git a/content/docs/zh-CN/next/reference-cli-tools/index.html b/content/docs/zh-CN/next/reference-cli-tools/index.html
index 0bbe1ed..a30136e 100644
--- a/content/docs/zh-CN/next/reference-cli-tools/index.html
+++ b/content/docs/zh-CN/next/reference-cli-tools/index.html
@@ -305,8 +305,8 @@ $ pulsar command
<tr><th>Flag</th><th>说明:</th><th>默认值</th></tr>
</thead>
<tbody>
-<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td></td></tr>
-<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td></td></tr>
+<tr><td><code>--auth-params</code></td><td>Authentication parameters, whose format is determined by the implementation of method <code>configure</code> in authentication plugin class, for example "key1:val1,key2:val2" or "{"key1":"val1","key2":"val2"}"</td><td>{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}</td></tr>
+<tr><td><code>--auth-plugin</code></td><td>Authentication plugin class name</td><td>org.apache.pulsar.client.impl.auth.AuthenticationSasl</td></tr>
<tr><td><code>--url</code></td><td>Broker URL to which to connect</td><td><a href="pulsar://localhost:6650/">pulsar://localhost:6650/</a></td></tr>
</tbody>
</table>
@@ -339,10 +339,10 @@ $ pulsar command
</thead>
<tbody>
<tr><td><code>--hex</code></td><td>Display binary messages in hexadecimal format.</td><td>false</td></tr>
-<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>0</td></tr>
+<tr><td><code>-n</code>, <code>--num-messages</code></td><td>Number of messages to consume, 0 means to consume forever.</td><td>1</td></tr>
<tr><td><code>-r</code>, <code>--rate</code></td><td>Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible</td><td>0.0</td></tr>
<tr><td><code>-s</code>, <code>--subscription-name</code></td><td>Subscription name</td><td></td></tr>
-<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover.</td><td>Exclusive</td></tr>
+<tr><td><code>-t</code>, <code>--subscription-type</code></td><td>The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.</td><td>Exclusive</td></tr>
</tbody>
</table>
<h2><a class="anchor" aria-hidden="true" id="pulsar-daemon"></a><a href="#pulsar-daemon" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.8 [...]
diff --git a/content/docs/zh-CN/next/security-kerberos.html b/content/docs/zh-CN/next/security-kerberos.html
index b136221..df2a174 100644
--- a/content/docs/zh-CN/next/security-kerberos.html
+++ b/content/docs/zh-CN/next/security-kerberos.html
@@ -173,9 +173,9 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -185,18 +185,26 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
.authentication(saslAuth)
.build();
</code></pre>
-<p>Make sure that the keytabs configured in the <code>pulsar_jaas.conf</code> file and kdc server in the <code>krb5.conf</code> file are reachable by the operating system user who is starting pulsar client.</p>
-<p>If you are using command line, you can continue with these step:</p>
-<ol>
-<li>Config your <code>client.conf</code>:</li>
-</ol>
-<pre><code class="hljs css language-shell">authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-authParams={"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}
-</code></pre>
-<ol start="2">
-<li>Set JVM parameter for JAAS configuration file and krb5 configuration file with additional option.</li>
-</ol>
-<pre><code class="hljs css language-shell"> -Djava.security.auth.login.config=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.conf=/etc/pulsar/krb5.conf
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />Make sure that the keytabs configured <span class="hljs-keyword">in</span> the `pulsar_jaas.conf` file <span class="hljs-keyword">and</span> kdc<span class="hljs-built_in"> server </span><span class="hljs-keyword">in</span> the `krb5.conf` file are reachable by the operating<span class="hljs-built_in"> system user </span>who is starting pulsar client.
+
+ <span class="hljs-keyword">If</span> you are using command line, you can continue with these <span class="hljs-keyword">step</span>:
+
+ 1.<span class="hljs-built_in"> Config </span>your `client.conf`:
+ ```shell
+ <span class="hljs-attribute">authPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ authParams={<span class="hljs-string">"saslJaasClientSectionName"</span>:<span class="hljs-string">"PulsarClient"</span>, <span class="hljs-string">"serverType"</span>:<span class="hljs-string">"broker"</span>}
+
+
+2. <span class="hljs-builtin-name">Set</span> JVM parameter <span class="hljs-keyword">for</span> JAAS configuration file <span class="hljs-keyword">and</span> krb5 configuration file with additional option.
+
+```shell
+ -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf
</code></pre>
<p>You can add this at the end of <code>PULSAR_EXTRA_OPTS</code> in the file <a href="https://github.com/apache/pulsar/blob/master/conf/pulsar_tools_env.sh"><code>pulsar_tools_env.sh</code></a></p>
<h2><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-working-with-pulsar-proxy"></a><a href="#kerberos-configuration-for-working-with-pulsar-proxy" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S [...]
@@ -250,9 +258,9 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -262,40 +270,59 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
.authentication(saslAuth)
.build();
</code></pre>
-<h3><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-pulsar-proxy-service"></a><a href="#kerberos-configuration-for-pulsar-proxy-service" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9 [...]
-<p>In the <code>proxy.conf</code> file, set Kerberos related configuration. Here is an example:</p>
-<pre><code class="hljs css language-shell"><span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment"># related to authenticate client.</span></span>
-authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarProxy
-<span class="hljs-meta">
-#</span><span class="bash"><span class="hljs-comment"># related to be authenticated by broker</span></span>
-brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-brokerClientAuthenticationParameters=saslJaasClientSectionName:PulsarProxy,serverType:broker
-forwardAuthorizationCredentials=true
-</code></pre>
-<p>The first part is related to authenticate between client and Pulsar Proxy. In this phase, client works as SASL client, while Pulsar Proxy works as SASL server.</p>
-<p>The second part is related to authenticate between Pulsar Proxy and Pulsar Broker. In this phase, Pulsar Proxy works as SASL client, while Pulsar Broker works as SASL server.</p>
-<h3><a class="anchor" aria-hidden="true" id="broker-side-configuration"></a><a href="#broker-side-configuration" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c [...]
-<p>The broker side configuration file is the same with the above <code>broker.conf</code>, you do not need special configuration for Pulsar Proxy.</p>
-<pre><code class="hljs">authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarBroker
-</code></pre>
-<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-and-role-token"></a><a href="#regarding-authorization-and-role-token" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1. [...]
-<p>For Kerberos authentication, the authenticated principal is used as the role token for Pulsar authorization. For more information of authorization in Pulsar, see <a href="/docs/zh-CN/next/security-authorization">security authorization</a>.</p>
-<p>If you enabled authorizationEnabled you need set <code>superUserRoles</code> in <code>broker.conf</code> that corresponding to the name registered in kdc</p>
-<p>例如:</p>
-<pre><code class="hljs css language-bash">superUserRoles=client/{clientIp}@EXAMPLE.COM
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />### Kerberos configuration <span class="hljs-keyword">for</span> Pulsar<span class="hljs-built_in"> Proxy service
+</span>
+ <span class="hljs-keyword">In</span> the `proxy.conf` file, <span class="hljs-builtin-name">set</span> Kerberos related configuration. Here is an example:
+ ```shell
+ ## related <span class="hljs-keyword">to</span> authenticate client.
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarProxy
+
+ ## related <span class="hljs-keyword">to</span> be authenticated by broker
+ <span class="hljs-attribute">brokerClientAuthenticationPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ <span class="hljs-attribute">brokerClientAuthenticationParameters</span>=saslJaasClientSectionName:PulsarProxy,serverType:broker
+ <span class="hljs-attribute">forwardAuthorizationCredentials</span>=<span class="hljs-literal">true</span>
+
+
+The first part is related <span class="hljs-keyword">to</span> authenticate between<span class="hljs-built_in"> client </span><span class="hljs-keyword">and</span> Pulsar Proxy. <span class="hljs-keyword">In</span> this phase,<span class="hljs-built_in"> client </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL server.
+
+The second part is related <span class="hljs-keyword">to</span> authenticate between Pulsar<span class="hljs-built_in"> Proxy </span><span class="hljs-keyword">and</span> Pulsar Broker. <span class="hljs-keyword">In</span> this phase, Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar Broker works as SASL server.
+
+<span class="hljs-comment">### Broker side configuration.</span>
+
+The broker side configuration file is the same with the above `broker.conf`, you <span class="hljs-keyword">do</span> <span class="hljs-keyword">not</span> need special configuration <span class="hljs-keyword">for</span> Pulsar Proxy.
+
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarBroker
+
+
+<span class="hljs-comment">## Regarding authorization and role token</span>
+
+<span class="hljs-keyword">For</span> Kerberos authentication, the authenticated principal is used as the role token <span class="hljs-keyword">for</span> Pulsar authorization. <span class="hljs-keyword">For</span> more information of authorization <span class="hljs-keyword">in</span> Pulsar, see [security authorization](/docs/zh-CN/next/security-authorization).
+
+<span class="hljs-keyword">If</span> you enabled authorizationEnabled you need <span class="hljs-builtin-name">set</span> `superUserRoles` <span class="hljs-keyword">in</span> `broker.conf` that corresponding <span class="hljs-keyword">to</span> the name registered <span class="hljs-keyword">in</span> kdc
+
+例如:
+
+```bash
+<span class="hljs-attribute">superUserRoles</span>=client/{clientIp}@EXAMPLE.COM
</code></pre>
<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-between-bookkeeper-and-zookeeper"></a><a href="#regarding-authorization-between-bookkeeper-and-zookeeper" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.2 [...]
<p>Adding <code>bookkeeperClientAuthenticationPlugin</code> parameter in <code>broker.conf</code> is a prerequisite for Broker (as a Kerberos client) being authenticated by Bookie (as a Kerberos Server):</p>
<pre><code class="hljs">bookkeeperClientAuthenticationPlugin=org.apache.bookkeeper.sasl.SASLClientProviderFactory
</code></pre>
<p>For more details of how to configure Kerberos for BookKeeper and Zookeeper, refer to <a href="http://bookkeeper.apache.org/docs/latest/security/sasl/">BookKeeper document</a>.</p>
-</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/zh-CN/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/zh-CN/next/security-authorization"><span>Authorization and ACLs</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configur [...]
+</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/zh-CN/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/zh-CN/next/security-authorization"><span>Authorization and ACLs</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configur [...]
const community = document.querySelector("a[href='#community']").parentNode;
const communityMenu =
'<li>' +
diff --git a/content/docs/zh-CN/next/security-kerberos/index.html b/content/docs/zh-CN/next/security-kerberos/index.html
index b136221..df2a174 100644
--- a/content/docs/zh-CN/next/security-kerberos/index.html
+++ b/content/docs/zh-CN/next/security-kerberos/index.html
@@ -173,9 +173,9 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"broker"</span>);
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -185,18 +185,26 @@ saslJaasBrokerSectionName=PulsarBroker</p></li>
.authentication(saslAuth)
.build();
</code></pre>
-<p>Make sure that the keytabs configured in the <code>pulsar_jaas.conf</code> file and kdc server in the <code>krb5.conf</code> file are reachable by the operating system user who is starting pulsar client.</p>
-<p>If you are using command line, you can continue with these step:</p>
-<ol>
-<li>Config your <code>client.conf</code>:</li>
-</ol>
-<pre><code class="hljs css language-shell">authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-authParams={"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}
-</code></pre>
-<ol start="2">
-<li>Set JVM parameter for JAAS configuration file and krb5 configuration file with additional option.</li>
-</ol>
-<pre><code class="hljs css language-shell"> -Djava.security.auth.login.config=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.conf=/etc/pulsar/krb5.conf
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />Make sure that the keytabs configured <span class="hljs-keyword">in</span> the `pulsar_jaas.conf` file <span class="hljs-keyword">and</span> kdc<span class="hljs-built_in"> server </span><span class="hljs-keyword">in</span> the `krb5.conf` file are reachable by the operating<span class="hljs-built_in"> system user </span>who is starting pulsar client.
+
+ <span class="hljs-keyword">If</span> you are using command line, you can continue with these <span class="hljs-keyword">step</span>:
+
+ 1.<span class="hljs-built_in"> Config </span>your `client.conf`:
+ ```shell
+ <span class="hljs-attribute">authPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ authParams={<span class="hljs-string">"saslJaasClientSectionName"</span>:<span class="hljs-string">"PulsarClient"</span>, <span class="hljs-string">"serverType"</span>:<span class="hljs-string">"broker"</span>}
+
+
+2. <span class="hljs-builtin-name">Set</span> JVM parameter <span class="hljs-keyword">for</span> JAAS configuration file <span class="hljs-keyword">and</span> krb5 configuration file with additional option.
+
+```shell
+ -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf
</code></pre>
<p>You can add this at the end of <code>PULSAR_EXTRA_OPTS</code> in the file <a href="https://github.com/apache/pulsar/blob/master/conf/pulsar_tools_env.sh"><code>pulsar_tools_env.sh</code></a></p>
<h2><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-working-with-pulsar-proxy"></a><a href="#kerberos-configuration-for-working-with-pulsar-proxy" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S [...]
@@ -250,9 +258,9 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
<pre><code class="hljs css language-java"> System.setProperty(<span class="hljs-string">"java.security.auth.login.config"</span>, <span class="hljs-string">"/etc/pulsar/pulsar_jaas.conf"</span>);
System.setProperty(<span class="hljs-string">"java.security.krb5.conf"</span>, <span class="hljs-string">"/etc/pulsar/krb5.conf"</span>);
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
- clientSaslConfig.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put(<span class="hljs-string">"saslJaasClientSectionName"</span>, <span class="hljs-string">"PulsarClient"</span>);
+ authParams.put(<span class="hljs-string">"serverType"</span>, <span class="hljs-string">"proxy"</span>); <span class="hljs-comment">// ** here is the different **</span>
Authentication saslAuth = AuthenticationFactory
.create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -262,40 +270,59 @@ sudo /usr/sbin/kadmin.local -q "ktadd -k /etc/security/keytabs/{client-keytabnam
.authentication(saslAuth)
.build();
</code></pre>
-<h3><a class="anchor" aria-hidden="true" id="kerberos-configuration-for-pulsar-proxy-service"></a><a href="#kerberos-configuration-for-pulsar-proxy-service" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9 [...]
-<p>In the <code>proxy.conf</code> file, set Kerberos related configuration. Here is an example:</p>
-<pre><code class="hljs css language-shell"><span class="hljs-meta">#</span><span class="bash"><span class="hljs-comment"># related to authenticate client.</span></span>
-authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarProxy
-<span class="hljs-meta">
-#</span><span class="bash"><span class="hljs-comment"># related to be authenticated by broker</span></span>
-brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
-brokerClientAuthenticationParameters=saslJaasClientSectionName:PulsarProxy,serverType:broker
-forwardAuthorizationCredentials=true
-</code></pre>
-<p>The first part is related to authenticate between client and Pulsar Proxy. In this phase, client works as SASL client, while Pulsar Proxy works as SASL server.</p>
-<p>The second part is related to authenticate between Pulsar Proxy and Pulsar Broker. In this phase, Pulsar Proxy works as SASL client, while Pulsar Broker works as SASL server.</p>
-<h3><a class="anchor" aria-hidden="true" id="broker-side-configuration"></a><a href="#broker-side-configuration" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c [...]
-<p>The broker side configuration file is the same with the above <code>broker.conf</code>, you do not need special configuration for Pulsar Proxy.</p>
-<pre><code class="hljs">authenticationEnabled=true
-authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
-saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarBroker
-</code></pre>
-<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-and-role-token"></a><a href="#regarding-authorization-and-role-token" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1. [...]
-<p>For Kerberos authentication, the authenticated principal is used as the role token for Pulsar authorization. For more information of authorization in Pulsar, see <a href="/docs/zh-CN/next/security-authorization">security authorization</a>.</p>
-<p>If you enabled authorizationEnabled you need set <code>superUserRoles</code> in <code>broker.conf</code> that corresponding to the name registered in kdc</p>
-<p>例如:</p>
-<pre><code class="hljs css language-bash">superUserRoles=client/{clientIp}@EXAMPLE.COM
+<blockquote>
+<p>The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:</p>
+</blockquote>
+<pre><code class="hljs">
+java -cp -Djava.security.auth.login.<span class="hljs-attribute">config</span>=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.<span class="hljs-attribute">conf</span>=/etc/pulsar/krb5.conf <span class="hljs-variable">$APP</span>-jar-with-dependencies.jar <span class="hljs-variable">$CLASSNAME</span>
+
+ <br />### Kerberos configuration <span class="hljs-keyword">for</span> Pulsar<span class="hljs-built_in"> Proxy service
+</span>
+ <span class="hljs-keyword">In</span> the `proxy.conf` file, <span class="hljs-builtin-name">set</span> Kerberos related configuration. Here is an example:
+ ```shell
+ ## related <span class="hljs-keyword">to</span> authenticate client.
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarProxy
+
+ ## related <span class="hljs-keyword">to</span> be authenticated by broker
+ <span class="hljs-attribute">brokerClientAuthenticationPlugin</span>=org.apache.pulsar.client.impl.auth.AuthenticationSasl
+ <span class="hljs-attribute">brokerClientAuthenticationParameters</span>=saslJaasClientSectionName:PulsarProxy,serverType:broker
+ <span class="hljs-attribute">forwardAuthorizationCredentials</span>=<span class="hljs-literal">true</span>
+
+
+The first part is related <span class="hljs-keyword">to</span> authenticate between<span class="hljs-built_in"> client </span><span class="hljs-keyword">and</span> Pulsar Proxy. <span class="hljs-keyword">In</span> this phase,<span class="hljs-built_in"> client </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL server.
+
+The second part is related <span class="hljs-keyword">to</span> authenticate between Pulsar<span class="hljs-built_in"> Proxy </span><span class="hljs-keyword">and</span> Pulsar Broker. <span class="hljs-keyword">In</span> this phase, Pulsar<span class="hljs-built_in"> Proxy </span>works as SASL client, <span class="hljs-keyword">while</span> Pulsar Broker works as SASL server.
+
+<span class="hljs-comment">### Broker side configuration.</span>
+
+The broker side configuration file is the same with the above `broker.conf`, you <span class="hljs-keyword">do</span> <span class="hljs-keyword">not</span> need special configuration <span class="hljs-keyword">for</span> Pulsar Proxy.
+
+ <span class="hljs-attribute">authenticationEnabled</span>=<span class="hljs-literal">true</span>
+ <span class="hljs-attribute">authenticationProviders</span>=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
+ <span class="hljs-attribute">saslJaasClientAllowedIds</span>=.*client.*
+ <span class="hljs-attribute">saslJaasBrokerSectionName</span>=PulsarBroker
+
+
+<span class="hljs-comment">## Regarding authorization and role token</span>
+
+<span class="hljs-keyword">For</span> Kerberos authentication, the authenticated principal is used as the role token <span class="hljs-keyword">for</span> Pulsar authorization. <span class="hljs-keyword">For</span> more information of authorization <span class="hljs-keyword">in</span> Pulsar, see [security authorization](/docs/zh-CN/next/security-authorization).
+
+<span class="hljs-keyword">If</span> you enabled authorizationEnabled you need <span class="hljs-builtin-name">set</span> `superUserRoles` <span class="hljs-keyword">in</span> `broker.conf` that corresponding <span class="hljs-keyword">to</span> the name registered <span class="hljs-keyword">in</span> kdc
+
+例如:
+
+```bash
+<span class="hljs-attribute">superUserRoles</span>=client/{clientIp}@EXAMPLE.COM
</code></pre>
<h2><a class="anchor" aria-hidden="true" id="regarding-authorization-between-bookkeeper-and-zookeeper"></a><a href="#regarding-authorization-between-bookkeeper-and-zookeeper" aria-hidden="true" class="hash-link"><svg class="hash-link-icon" aria-hidden="true" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.2 [...]
<p>Adding <code>bookkeeperClientAuthenticationPlugin</code> parameter in <code>broker.conf</code> is a prerequisite for Broker (as a Kerberos client) being authenticated by Bookie (as a Kerberos Server):</p>
<pre><code class="hljs">bookkeeperClientAuthenticationPlugin=org.apache.bookkeeper.sasl.SASLClientProviderFactory
</code></pre>
<p>For more details of how to configure Kerberos for BookKeeper and Zookeeper, refer to <a href="http://bookkeeper.apache.org/docs/latest/security/sasl/">BookKeeper document</a>.</p>
-</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/zh-CN/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/zh-CN/next/security-authorization"><span>Authorization and ACLs</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configur [...]
+</span></div></article></div><div class="docs-prevnext"><a class="docs-prev button" href="/docs/zh-CN/next/security-athenz"><span class="arrow-prev">← </span><span>Authentication using Athenz</span></a><a class="docs-next button" href="/docs/zh-CN/next/security-authorization"><span>Authorization and ACLs</span><span class="arrow-next"> →</span></a></div></div></div><nav class="onPageNav"><ul class="toc-headings"><li><a href="#configuration-for-kerberos-between-client-and-broker">Configur [...]
const community = document.querySelector("a[href='#community']").parentNode;
const communityMenu =
'<li>' +
diff --git a/content/swagger/swagger.json b/content/swagger/swagger.json
index 90b17fa..170915b 100644
--- a/content/swagger/swagger.json
+++ b/content/swagger/swagger.json
@@ -6932,10 +6932,10 @@
"type" : "string"
}
},
- "connectedSince" : {
+ "clientVersion" : {
"type" : "string"
},
- "clientVersion" : {
+ "connectedSince" : {
"type" : "string"
},
"address" : {
@@ -7258,6 +7258,10 @@
"type" : "number",
"format" : "double"
},
+ "msgThroughputIn" : {
+ "type" : "number",
+ "format" : "double"
+ },
"underLoaded" : {
"type" : "boolean"
},
@@ -7267,6 +7271,9 @@
"loadReportType" : {
"type" : "string"
},
+ "cpu" : {
+ "$ref" : "#/definitions/ResourceUsage"
+ },
"memory" : {
"$ref" : "#/definitions/ResourceUsage"
},
@@ -7283,16 +7290,9 @@
"type" : "integer",
"format" : "int64"
},
- "msgThroughputIn" : {
- "type" : "number",
- "format" : "double"
- },
"msgThroughputOut" : {
"type" : "number",
"format" : "double"
- },
- "cpu" : {
- "$ref" : "#/definitions/ResourceUsage"
}
}
},
@@ -7452,13 +7452,13 @@
"type" : "number",
"format" : "double"
},
- "connectedSince" : {
+ "clientVersion" : {
"type" : "string"
},
- "producerName" : {
+ "connectedSince" : {
"type" : "string"
},
- "clientVersion" : {
+ "producerName" : {
"type" : "string"
},
"address" : {
@@ -8182,13 +8182,13 @@
"type" : "string"
}
},
- "connectedSince" : {
+ "clientVersion" : {
"type" : "string"
},
- "producerName" : {
+ "connectedSince" : {
"type" : "string"
},
- "clientVersion" : {
+ "producerName" : {
"type" : "string"
},
"address" : {
diff --git a/content/swagger/swaggerfunctions.json b/content/swagger/swaggerfunctions.json
index 586c0ac..87aa878 100644
--- a/content/swagger/swaggerfunctions.json
+++ b/content/swagger/swaggerfunctions.json
@@ -1185,9 +1185,6 @@
"Message" : {
"type" : "object",
"properties" : {
- "producerName" : {
- "type" : "string"
- },
"publishTime" : {
"type" : "integer",
"format" : "int64"
@@ -1199,9 +1196,12 @@
"topicName" : {
"type" : "string"
},
- "redeliveryCount" : {
- "type" : "integer",
- "format" : "int32"
+ "keyBytes" : {
+ "type" : "array",
+ "items" : {
+ "type" : "string",
+ "format" : "byte"
+ }
},
"orderingKey" : {
"type" : "array",
@@ -1220,19 +1220,19 @@
"format" : "byte"
}
},
+ "sequenceId" : {
+ "type" : "integer",
+ "format" : "int64"
+ },
"messageId" : {
"$ref" : "#/definitions/MessageId"
},
- "keyBytes" : {
- "type" : "array",
- "items" : {
- "type" : "string",
- "format" : "byte"
- }
+ "producerName" : {
+ "type" : "string"
},
- "sequenceId" : {
+ "redeliveryCount" : {
"type" : "integer",
- "format" : "int64"
+ "format" : "int32"
},
"data" : {
"type" : "array",