You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by ju...@apache.org on 2015/11/20 22:46:21 UTC
kafka git commit: trivial change to 0.9.0 docs to fix incorrect
ssl.key.password
Repository: kafka
Updated Branches:
refs/heads/0.9.0 cd7455c64 -> 6aeaa1eb5
trivial change to 0.9.0 docs to fix incorrect ssl.key.password
Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/6aeaa1eb
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/6aeaa1eb
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/6aeaa1eb
Branch: refs/heads/0.9.0
Commit: 6aeaa1eb5ceeb7603e9d5339a96f0fa268f12fa0
Parents: cd7455c
Author: Jun Rao <ju...@gmail.com>
Authored: Fri Nov 20 13:46:15 2015 -0800
Committer: Jun Rao <ju...@gmail.com>
Committed: Fri Nov 20 13:46:15 2015 -0800
----------------------------------------------------------------------
docs/security.html | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kafka/blob/6aeaa1eb/docs/security.html
----------------------------------------------------------------------
diff --git a/docs/security.html b/docs/security.html
index b697d53..b49fbed 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -115,7 +115,7 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled but
<pre>
ssl.keystore.location = /var/private/ssl/kafka.server.keystore.jks
ssl.keystore.password = test1234
- ssl.key.password = test1234
+ ssl.keystore.password = test1234
ssl.truststore.location = /var/private/ssl/kafka.server.truststore.jks
ssl.truststore.password = test1234</pre>
@@ -163,7 +163,7 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled but
<pre>
ssl.keystore.location = "/var/private/ssl/kafka.client.keystore.jks"
ssl.keystore.password = "test1234"
- ssl.key.password = "test1234"</pre>
+ ssl.keystore.password = "test1234"</pre>
Other configuration settings that may also be needed depending on our requirements and the broker configuration:
<ol>
<li>ssl.provider (Optional). The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.</li>
@@ -276,9 +276,9 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled but
</ol>
<h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3>
-Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want change that behavior, you can include the following in broker.properties.
+Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want to change that behavior, you can include the following in broker.properties.
<pre>allow.everyone.if.no.acl.found=true</pre>
-One can also add super users in broker.properties like the following.
+One can also add super users in broker.properties like the following (note that the delimiter is semicolon since SSL user names may contain comma).
<pre>super.users=User:Bob;User:Alice</pre>
By default, the SSL user name will be of the form "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown". One can change that by setting a customized PrincipalBuilder in broker.properties like the following.
<pre>principal.builder.class=CustomizedPrincipalBuilderClass</pre>