Posted to commits@kafka.apache.org by ma...@apache.org on 2023/05/20 16:24:04 UTC

[kafka] branch trunk updated: MINOR: Add System Properties to config documentation section (#13737)

This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 600e014c245 MINOR: Add System Properties to config documentation section (#13737)
600e014c245 is described below

commit 600e014c245c01dcc0a12c1baf35dc8e50b24af0
Author: Manikumar Reddy <ma...@gmail.com>
AuthorDate: Sat May 20 21:53:44 2023 +0530

    MINOR: Add System Properties to config documentation section (#13737)
    
     Reviewers: Josep Prat <jo...@aiven.io>
---
 docs/configuration.html | 18 ++++++++++++++++++
 docs/toc.html           |  1 +
 2 files changed, 19 insertions(+)

diff --git a/docs/configuration.html b/docs/configuration.html
index ceb671ca750..3da38944f1b 100644
--- a/docs/configuration.html
+++ b/docs/configuration.html
@@ -266,6 +266,24 @@
   <h3 class="anchor-heading"><a id="adminclientconfigs" class="anchor-link"></a><a href="#adminclientconfigs">3.7 Admin Configs</a></h3>
   Below is the configuration of the Kafka Admin client library.
   <!--#include virtual="generated/admin_client_config.html" -->
+
+  <h3 class="anchor-heading"><a id="systemproperties" class="anchor-link"></a><a href="#systemproperties">3.8 System Properties</a></h3>
+  Kafka supports some configuration that can be enabled through Java system properties. System properties are usually set by passing the -D flag to the Java virtual machine in which Kafka components are running.
+  Below are the supported system properties.
+  <ul class="config-list">
+  <li>
+    <h4><a id="org.apache.kafka.disallowed.login.modules"></a><a id="systemproperties_org.apache.kafka.disallowed.login.modules" href="#systemproperties_org.apache.kafka.disallowed.login.modules">org.apache.kafka.disallowed.login.modules</a></h4>
+    <p>This system property is used to disable the problematic login modules usage in SASL JAAS configuration. This property accepts comma-separated list of loginModule names. By default <b>com.sun.security.auth.module.JndiLoginModule</b> loginModule is disabled.
+    <p>If users want to enable JndiLoginModule, users need to explicitly reset the system property like below. We advise the users to validate configurations and only allow trusted JNDI configurations. For more details <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-25194">CVE-2023-25194</a>.
+    <p><pre class="brush: bash;"> -Dorg.apache.kafka.disallowed.login.modules=</pre>
+    <p>To disable more loginModules, update the system property with comma-separated loginModule names. Make sure to explicitly add <b>JndiLoginModule</b> module name to the comma-separated list like below.
+    <p><pre class="brush: bash;"> -Dorg.apache.kafka.disallowed.login.modules=com.sun.security.auth.module.JndiLoginModule,com.ibm.security.auth.module.LdapLoginModule,com.ibm.security.auth.module.Krb5LoginModule</pre>
+    <table><tbody>
+    <tr><th>Since:</th><td>3.4.0</td></tr>
+    <tr><th>Default Value:</th><td>com.sun.security.auth.module.JndiLoginModule</td></tr>
+    </tbody></table>
+  </li>
+ </ul>
 </script>
 
 <div class="p-configuration"></div>
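Review bot: The paragraph that introduces the empty-value example (-Dorg.apache.kafka.disallowed.login.modules=) should state outright that an empty value clears the whole deny list, and that any value supplied replaces the default rather than extending it. As written, the reader has to infer this from "explicitly reset" and from the later instruction to re-add JndiLoginModule. I would also move the advice about trusted JNDI configurations and the CVE-2023-25194 link ahead of that example, and change "For more details <a ...>" to "For more details, see <a ...>" so the sentence has a verb. Markup and wording nits in the same block: none of the added <p> elements is closed and two of them wrap a <pre>, which is not valid inside a paragraph; "accepts comma-separated list" needs an article; and the closing " </ul>" is indented one space less than its opening "<ul class="config-list">".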
diff --git a/docs/toc.html b/docs/toc.html
index d8ce6280c88..468d4edbdbf 100644
--- a/docs/toc.html
+++ b/docs/toc.html
@@ -51,6 +51,7 @@
                     </ul>
                 <li><a href="#streamsconfigs">3.6 Kafka Streams Configs</a>
                 <li><a href="#adminclientconfigs">3.7 AdminClient Configs</a>
+                <li><a href="#systemproperties">3.8 System Properties</a>
             </ul>
         </li>
         <li><a href="#design">4. Design</a>
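Review bot: The new entry sits directly under "3.7 AdminClient Configs", while the heading shown as context in docs/configuration.html reads "3.7 Admin Configs"; since this change touches both files, consider aligning the two titles in the same commit. The new link text and the #systemproperties anchor do match the heading and id added in configuration.html.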