You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by gu...@apache.org on 2018/01/26 19:40:38 UTC
[kafka] branch trunk updated: MINOR: Add authorizer.class.name to
the security section in documentation (#4310)
This is an automated email from the ASF dual-hosted git repository.
guozhang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new 93ab94d MINOR: Add authorizer.class.name to the security section in documentation (#4310)
93ab94d is described below
commit 93ab94d7edcbf577747d306c19fc5378dd092d76
Author: Jakub Scholz <ww...@scholzj.com>
AuthorDate: Fri Jan 26 20:40:35 2018 +0100
MINOR: Add authorizer.class.name to the security section in documentation (#4310)
---
docs/security.html | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/security.html b/docs/security.html
index c8e20ea..4e401ae 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -664,7 +664,9 @@
</ol>
<h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3>
- Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you [...]
+ Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. The Authorizer is configured by setting <code>authorizer.class.name</code> in server.properties. To enable the out of the box implementation use:
+ <pre>authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer</pre>
+ Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want to change that behavior, you can include the following in server.properties.
<pre>allow.everyone.if.no.acl.found=true</pre>
One can also add super users in server.properties like the following (note that the delimiter is semicolon since SSL user names may contain comma).
<pre>super.users=User:Bob;User:Alice</pre>
--
To stop receiving notification emails like this one, please contact
guozhang@apache.org.