Posted to commits@kafka.apache.org by ma...@apache.org on 2023/05/20 06:53:26 UTC

[kafka-site] branch asf-site updated: MINOR: Add System Properties to config documentation section (#512)

This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/kafka-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 015e2479 MINOR: Add System Properties to config documentation section (#512)
015e2479 is described below

commit 015e247942af86884cf94d947a21a993d1ff8a4f
Author: Manikumar Reddy <ma...@gmail.com>
AuthorDate: Sat May 20 12:23:20 2023 +0530

    MINOR: Add System Properties to config documentation section (#512)
---
 34/configuration.html | 18 ++++++++++++++++++
 34/toc.html           |  1 +
 2 files changed, 19 insertions(+)

diff --git a/34/configuration.html b/34/configuration.html
index ceb671ca..3da38944 100644
--- a/34/configuration.html
+++ b/34/configuration.html
@@ -266,6 +266,24 @@
   <h3 class="anchor-heading"><a id="adminclientconfigs" class="anchor-link"></a><a href="#adminclientconfigs">3.7 Admin Configs</a></h3>
   Below is the configuration of the Kafka Admin client library.
   <!--#include virtual="generated/admin_client_config.html" -->
+
+  <h3 class="anchor-heading"><a id="systemproperties" class="anchor-link"></a><a href="#systemproperties">3.8 System Properties</a></h3>
+  Kafka supports some configuration that can be enabled through Java system properties. System properties are usually set by passing the -D flag to the Java virtual machine in which Kafka components are running.
+  Below are the supported system properties.
+  <ul class="config-list">
+  <li>
+    <h4><a id="org.apache.kafka.disallowed.login.modules"></a><a id="systemproperties_org.apache.kafka.disallowed.login.modules" href="#systemproperties_org.apache.kafka.disallowed.login.modules">org.apache.kafka.disallowed.login.modules</a></h4>
+    <p>This system property is used to disable the problematic login modules usage in SASL JAAS configuration. This property accepts comma-separated list of loginModule names. By default <b>com.sun.security.auth.module.JndiLoginModule</b> loginModule is disabled.
+    <p>If users want to enable JndiLoginModule, users need to explicitly reset the system property like below. We advise the users to validate configurations and only allow trusted JNDI configurations. For more details <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-25194">CVE-2023-25194</a>.
+    <p><pre class="brush: bash;"> -Dorg.apache.kafka.disallowed.login.modules=</pre>
+    <p>To disable more loginModules, update the system property with comma-separated loginModule names. Make sure to explicitly add <b>JndiLoginModule</b> module name to the comma-separated list like below.
+    <p><pre class="brush: bash;"> -Dorg.apache.kafka.disallowed.login.modules=com.sun.security.auth.module.JndiLoginModule,com.ibm.security.auth.module.LdapLoginModule,com.ibm.security.auth.module.Krb5LoginModule</pre>
+    <table><tbody>
+    <tr><th>Since:</th><td>3.4.0</td></tr>
+    <tr><th>Default Value:</th><td>com.sun.security.auth.module.JndiLoginModule</td></tr>
+    </tbody></table>
+  </li>
+ </ul>
 </script>
 
 <div class="p-configuration"></div>
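Review bot: In the paragraph that introduces the second <pre> example, the text tells users to add JndiLoginModule to the list explicitly but never says why. Judging by the first example, where an empty value re-enables JndiLoginModule, a value set here replaces the default list rather than extending it. Say so directly, for example "The value replaces the default list, so omitting JndiLoginModule re-enables it", so that an operator who lists only the IBM modules does not unknowingly drop the default block that the CVE-2023-25194 paragraph describes. Smaller points in the same block: the <p> elements are never closed and each <pre> sits inside a <p>, which is not valid nesting, so the <pre> blocks should follow closed paragraphs; "For more details" needs "see" before the CVE link; and "accepts comma-separated list" is missing "a".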
diff --git a/34/toc.html b/34/toc.html
index aad286b2..f8582d94 100644
--- a/34/toc.html
+++ b/34/toc.html
@@ -51,6 +51,7 @@
                     </ul>
                 <li><a href="#streamsconfigs">3.6 Kafka Streams Configs</a>
                 <li><a href="#adminclientconfigs">3.7 AdminClient Configs</a>
+                <li><a href="#systemproperties">3.8 System Properties</a>
             </ul>
         </li>
         <li><a href="#design">4. Design</a>
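Review bot: The TOC entry just above the added line reads "3.7 AdminClient Configs", while the matching heading in configuration.html is "3.7 Admin Configs". The new "3.8 System Properties" entry agrees with its heading and with the "systemproperties" anchor, so this is not a problem with the added line itself, but since the list is being edited here, consider aligning the 3.7 label so the table of contents and the section headings match.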