Repository: kafka-site Updated Branches: refs/heads/asf-site 0b980bfa9 -> 0e79d903e
trivial change to 0.9.0 docs to fix incorrect ssl.key.password Project: http://git-wip-us.apache.org/repos/asf/kafka-site/repo Commit: http://git-wip-us.apache.org/repos/asf/kafka-site/commit/0e79d903 Tree: http://git-wip-us.apache.org/repos/asf/kafka-site/tree/0e79d903 Diff: http://git-wip-us.apache.org/repos/asf/kafka-site/diff/0e79d903 Branch: refs/heads/asf-site Commit: 0e79d903efc9b35cff4d05599bc66b9b8a2f142d Parents: 0b980bf Author: Jun Rao <[email protected]> Authored: Fri Nov 20 13:54:40 2015 -0800 Committer: Jun Rao <[email protected]> Committed: Fri Nov 20 13:54:40 2015 -0800 ---------------------------------------------------------------------- 090/security.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kafka-site/blob/0e79d903/090/security.html ---------------------------------------------------------------------- diff --git a/090/security.html b/090/security.html index b697d53..b49fbed 100644 --- a/090/security.html +++ b/090/security.html @@ -115,7 +115,7 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled but <pre> ssl.keystore.location = /var/private/ssl/kafka.server.keystore.jks ssl.keystore.password = test1234 - ssl.key.password = test1234 + ssl.keystore.password = test1234 ssl.truststore.location = /var/private/ssl/kafka.server.truststore.jks ssl.truststore.password = test1234</pre> @@ -163,7 +163,7 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled but <pre> ssl.keystore.location = "/var/private/ssl/kafka.client.keystore.jks" ssl.keystore.password = "test1234" - ssl.key.password = "test1234"</pre> + ssl.keystore.password = "test1234"</pre> Other configuration settings that may also be needed depending on our requirements and the broker configuration: <ol> <li>ssl.provider (Optional). The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.</li> @@ -276,9 +276,9 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled but </ol> <h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3> -Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want change that behavior, you can include the following in broker.properties. +Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want to change that behavior, you can include the following in broker.properties. <pre>allow.everyone.if.no.acl.found=true</pre> -One can also add super users in broker.properties like the following. +One can also add super users in broker.properties like the following (note that the delimiter is semicolon since SSL user names may contain comma). <pre>super.users=User:Bob;User:Alice</pre> By default, the SSL user name will be of the form "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown". One can change that by setting a customized PrincipalBuilder in broker.properties like the following. <pre>principal.builder.class=CustomizedPrincipalBuilderClass</pre>
