bookkeeper-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From git-site-r...@apache.org
Subject [bookkeeper] branch asf-site updated: Updated site at revision 49b90a6
Date Mon, 07 Aug 2017 18:50:08 GMT
This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 988648f  Updated site at revision 49b90a6
988648f is described below

commit 988648fdfaa9c7b5ae93932a24cc9b97fc46d84f
Author: jenkins <builds@apache.org>
AuthorDate: Mon Aug 7 18:50:06 2017 +0000

    Updated site at revision 49b90a6
---
 content/docs/latest/admin/autorecovery/index.html  |  35 +
 content/docs/latest/admin/bookies/index.html       |  35 +
 .../docs/latest/admin/geo-replication/index.html   |  35 +
 content/docs/latest/admin/metrics/index.html       |  35 +
 content/docs/latest/admin/perf/index.html          |  35 +
 content/docs/latest/admin/placement/index.html     |  35 +
 content/docs/latest/admin/upgrade/index.html       |  35 +
 .../docs/latest/api/distributedlog-api/index.html  |  35 +
 .../docs/latest/api/javadoc/constant-values.html   |  29 +-
 content/docs/latest/api/javadoc/index-all.html     |   2 -
 .../bookkeeper/conf/ServerConfiguration.html       |  41 +-
 content/docs/latest/api/ledger-adv-api/index.html  |  35 +
 content/docs/latest/api/ledger-api/index.html      |  35 +
 content/docs/latest/api/overview/index.html        |  35 +
 content/docs/latest/deployment/dcos/index.html     |  35 +
 .../docs/latest/deployment/kubernetes/index.html   |  35 +
 content/docs/latest/deployment/manual/index.html   |  35 +
 .../docs/latest/development/codebase/index.html    |  35 +
 .../docs/latest/development/protocol/index.html    |  35 +
 content/docs/latest/example/index.html             |  35 +
 .../latest/getting-started/concepts/index.html     |  35 +
 .../latest/getting-started/installation/index.html |  35 +
 .../latest/getting-started/run-locally/index.html  |  35 +
 content/docs/latest/reference/cli/index.html       |  35 +
 content/docs/latest/reference/config/index.html    |  35 +
 content/docs/latest/reference/metrics/index.html   |  35 +
 .../run-locally => security}/index.html            | 114 ++-
 content/docs/security/sasl/index.html              | 799 +++++++++++++++++++++
 content/docs/security/tls/index.html               | 790 ++++++++++++++++++++
 .../run-locally => security/zookeeper}/index.html  | 140 +++-
 30 files changed, 2609 insertions(+), 111 deletions(-)

diff --git a/content/docs/latest/admin/autorecovery/index.html b/content/docs/latest/admin/autorecovery/index.html
index 778b901..c8ac3b0 100644
--- a/content/docs/latest/admin/autorecovery/index.html
+++ b/content/docs/latest/admin/autorecovery/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/admin/bookies/index.html b/content/docs/latest/admin/bookies/index.html
index f86024d..a7063bd 100644
--- a/content/docs/latest/admin/bookies/index.html
+++ b/content/docs/latest/admin/bookies/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/admin/geo-replication/index.html b/content/docs/latest/admin/geo-replication/index.html
index c58550f..6a45e9d 100644
--- a/content/docs/latest/admin/geo-replication/index.html
+++ b/content/docs/latest/admin/geo-replication/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/admin/metrics/index.html b/content/docs/latest/admin/metrics/index.html
index f2175a2..ac557c7 100644
--- a/content/docs/latest/admin/metrics/index.html
+++ b/content/docs/latest/admin/metrics/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/admin/perf/index.html b/content/docs/latest/admin/perf/index.html
index cda6794..a07fbe8 100644
--- a/content/docs/latest/admin/perf/index.html
+++ b/content/docs/latest/admin/perf/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/admin/placement/index.html b/content/docs/latest/admin/placement/index.html
index 5807b43..39e846e 100644
--- a/content/docs/latest/admin/placement/index.html
+++ b/content/docs/latest/admin/placement/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/admin/upgrade/index.html b/content/docs/latest/admin/upgrade/index.html
index 4e9bb90..e9a1970 100644
--- a/content/docs/latest/admin/upgrade/index.html
+++ b/content/docs/latest/admin/upgrade/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/api/distributedlog-api/index.html b/content/docs/latest/api/distributedlog-api/index.html
index 17b2da9..fe5f052 100644
--- a/content/docs/latest/api/distributedlog-api/index.html
+++ b/content/docs/latest/api/distributedlog-api/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/api/javadoc/constant-values.html b/content/docs/latest/api/javadoc/constant-values.html
index 077492c..1ffc451 100644
--- a/content/docs/latest/api/javadoc/constant-values.html
+++ b/content/docs/latest/api/javadoc/constant-values.html
@@ -2006,90 +2006,83 @@
 <td class="colLast"><code>"statsProviderClass"</code></td>
 </tr>
 <tr class="altColor">
-<td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.TLS_CLIENT_AUTHENTICATION">
-<!--   -->
-</a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
-<td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_CLIENT_AUTHENTICATION">TLS_CLIENT_AUTHENTICATION</a></code></td>
-<td class="colLast"><code>"tlsClientAuthentication"</code></td>
-</tr>
-<tr class="rowColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.TLS_KEYSTORE">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_KEYSTORE">TLS_KEYSTORE</a></code></td>
 <td class="colLast"><code>"tlsKeyStore"</code></td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.TLS_KEYSTORE_PASSWORD_PATH">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_KEYSTORE_PASSWORD_PATH">TLS_KEYSTORE_PASSWORD_PATH</a></code></td>
 <td class="colLast"><code>"tlsKeyStorePasswordPath"</code></td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.TLS_KEYSTORE_TYPE">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_KEYSTORE_TYPE">TLS_KEYSTORE_TYPE</a></code></td>
 <td class="colLast"><code>"tlsKeyStoreType"</code></td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.TLS_TRUSTSTORE">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_TRUSTSTORE">TLS_TRUSTSTORE</a></code></td>
 <td class="colLast"><code>"tlsTrustStore"</code></td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.TLS_TRUSTSTORE_PASSWORD_PATH">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_TRUSTSTORE_PASSWORD_PATH">TLS_TRUSTSTORE_PASSWORD_PATH</a></code></td>
 <td class="colLast"><code>"tlsTrustStorePasswordPath"</code></td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.TLS_TRUSTSTORE_TYPE">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_TRUSTSTORE_TYPE">TLS_TRUSTSTORE_TYPE</a></code></td>
 <td class="colLast"><code>"tlsTrustStoreType"</code></td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.USE_HOST_NAME_AS_BOOKIE_ID">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#USE_HOST_NAME_AS_BOOKIE_ID">USE_HOST_NAME_AS_BOOKIE_ID</a></code></td>
 <td class="colLast"><code>"useHostNameAsBookieID"</code></td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.WRITE_BUFFER_SIZE">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#WRITE_BUFFER_SIZE">WRITE_BUFFER_SIZE</a></code></td>
 <td class="colLast"><code>"writeBufferSizeBytes"</code></td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.ZK_RETRY_BACKOFF_MAX_MS">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#ZK_RETRY_BACKOFF_MAX_MS">ZK_RETRY_BACKOFF_MAX_MS</a></code></td>
 <td class="colLast"><code>"zkRetryBackoffMaxMs"</code></td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.ZK_RETRY_BACKOFF_START_MS">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#ZK_RETRY_BACKOFF_START_MS">ZK_RETRY_BACKOFF_START_MS</a></code></td>
 <td class="colLast"><code>"zkRetryBackoffStartMs"</code></td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.ZK_SERVERS">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td><code><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#ZK_SERVERS">ZK_SERVERS</a></code></td>
 <td class="colLast"><code>"zkServers"</code></td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><a name="org.apache.bookkeeper.conf.ServerConfiguration.ZK_TIMEOUT">
 <!--   -->
 </a><code>protected&nbsp;static&nbsp;final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
diff --git a/content/docs/latest/api/javadoc/index-all.html b/content/docs/latest/api/javadoc/index-all.html
index 9686f99..3ca61c1 100644
--- a/content/docs/latest/api/javadoc/index-all.html
+++ b/content/docs/latest/api/javadoc/index-all.html
@@ -5504,8 +5504,6 @@
 <dd>&nbsp;</dd>
 <dt><span class="memberNameLink"><a href="org/apache/bookkeeper/conf/AbstractConfiguration.html#TLS_CLIENT_AUTHENTICATION">TLS_CLIENT_AUTHENTICATION</a></span> - Static variable in class org.apache.bookkeeper.conf.<a href="org/apache/bookkeeper/conf/AbstractConfiguration.html" title="class in org.apache.bookkeeper.conf">AbstractConfiguration</a></dt>
 <dd>&nbsp;</dd>
-<dt><span class="memberNameLink"><a href="org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_CLIENT_AUTHENTICATION">TLS_CLIENT_AUTHENTICATION</a></span> - Static variable in class org.apache.bookkeeper.conf.<a href="org/apache/bookkeeper/conf/ServerConfiguration.html" title="class in org.apache.bookkeeper.conf">ServerConfiguration</a></dt>
-<dd>&nbsp;</dd>
 <dt><span class="memberNameLink"><a href="org/apache/bookkeeper/conf/AbstractConfiguration.html#TLS_ENABLED_CIPHER_SUITES">TLS_ENABLED_CIPHER_SUITES</a></span> - Static variable in class org.apache.bookkeeper.conf.<a href="org/apache/bookkeeper/conf/AbstractConfiguration.html" title="class in org.apache.bookkeeper.conf">AbstractConfiguration</a></dt>
 <dd>
 <div class="block">This list will be passed to <a href="http://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLEngine.html?is-external=true#setEnabledCipherSuites-java.lang.String:A-" title="class or interface in javax.net.ssl"><code>SSLEngine.setEnabledCipherSuites(java.lang.String[])</code></a>.</div>
diff --git a/content/docs/latest/api/javadoc/org/apache/bookkeeper/conf/ServerConfiguration.html b/content/docs/latest/api/javadoc/org/apache/bookkeeper/conf/ServerConfiguration.html
index ffc7495..4e7c961 100644
--- a/content/docs/latest/api/javadoc/org/apache/bookkeeper/conf/ServerConfiguration.html
+++ b/content/docs/latest/api/javadoc/org/apache/bookkeeper/conf/ServerConfiguration.html
@@ -468,53 +468,49 @@ extends <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.ht
 </tr>
 <tr class="altColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
-<td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_CLIENT_AUTHENTICATION">TLS_CLIENT_AUTHENTICATION</a></span></code>&nbsp;</td>
-</tr>
-<tr class="rowColor">
-<td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_KEYSTORE">TLS_KEYSTORE</a></span></code>&nbsp;</td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_KEYSTORE_PASSWORD_PATH">TLS_KEYSTORE_PASSWORD_PATH</a></span></code>&nbsp;</td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_KEYSTORE_TYPE">TLS_KEYSTORE_TYPE</a></span></code>&nbsp;</td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_TRUSTSTORE">TLS_TRUSTSTORE</a></span></code>&nbsp;</td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_TRUSTSTORE_PASSWORD_PATH">TLS_TRUSTSTORE_PASSWORD_PATH</a></span></code>&nbsp;</td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#TLS_TRUSTSTORE_TYPE">TLS_TRUSTSTORE_TYPE</a></span></code>&nbsp;</td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#USE_HOST_NAME_AS_BOOKIE_ID">USE_HOST_NAME_AS_BOOKIE_ID</a></span></code>&nbsp;</td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#WRITE_BUFFER_SIZE">WRITE_BUFFER_SIZE</a></span></code>&nbsp;</td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#ZK_RETRY_BACKOFF_MAX_MS">ZK_RETRY_BACKOFF_MAX_MS</a></span></code>&nbsp;</td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#ZK_RETRY_BACKOFF_START_MS">ZK_RETRY_BACKOFF_START_MS</a></span></code>&nbsp;</td>
 </tr>
-<tr class="rowColor">
+<tr class="altColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#ZK_SERVERS">ZK_SERVERS</a></span></code>&nbsp;</td>
 </tr>
-<tr class="altColor">
+<tr class="rowColor">
 <td class="colFirst"><code>protected static <a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/bookkeeper/conf/ServerConfiguration.html#ZK_TIMEOUT">ZK_TIMEOUT</a></span></code>&nbsp;</td>
 </tr>
@@ -524,7 +520,7 @@ extends <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.ht
 <!--   -->
 </a>
 <h3>Fields inherited from class&nbsp;org.apache.bookkeeper.conf.<a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html" title="class in org.apache.bookkeeper.conf">AbstractConfiguration</a></h3>
-<code><a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html#AVAILABLE_NODE">AVAILABLE_NODE</a>, <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html#DEFAULT_NETTY_MAX_FRAME_SIZE">DEFAULT_NETTY_MAX_FRAME_SIZE</a>, <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html#defaultLoader">defaultLoader</a>, <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html#LEDGER_MANAGER_FACTORY_CLASS">LEDGER_MANAGER_FACTORY [...]
+<code><a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html#AVAILABLE_NODE">AVAILABLE_NODE</a>, <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html#DEFAULT_NETTY_MAX_FRAME_SIZE">DEFAULT_NETTY_MAX_FRAME_SIZE</a>, <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html#defaultLoader">defaultLoader</a>, <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.html#LEDGER_MANAGER_FACTORY_CLASS">LEDGER_MANAGER_FACTORY [...]
 </ul>
 <ul class="blockList">
 <li class="blockList"><a name="fields.inherited.from.class.org.apache.commons.configuration.AbstractConfiguration">
@@ -2830,19 +2826,6 @@ extends <a href="../../../../org/apache/bookkeeper/conf/AbstractConfiguration.ht
 </dl>
 </li>
 </ul>
-<a name="TLS_CLIENT_AUTHENTICATION">
-<!--   -->
-</a>
-<ul class="blockList">
-<li class="blockList">
-<h4>TLS_CLIENT_AUTHENTICATION</h4>
-<pre>protected static final&nbsp;<a href="http://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> TLS_CLIENT_AUTHENTICATION</pre>
-<dl>
-<dt><span class="seeLabel">See Also:</span></dt>
-<dd><a href="../../../../constant-values.html#org.apache.bookkeeper.conf.ServerConfiguration.TLS_CLIENT_AUTHENTICATION">Constant Field Values</a></dd>
-</dl>
-</li>
-</ul>
 <a name="TLS_KEYSTORE_TYPE">
 <!--   -->
 </a>
diff --git a/content/docs/latest/api/ledger-adv-api/index.html b/content/docs/latest/api/ledger-adv-api/index.html
index b37c3d9..ea8ecc8 100644
--- a/content/docs/latest/api/ledger-adv-api/index.html
+++ b/content/docs/latest/api/ledger-adv-api/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/api/ledger-api/index.html b/content/docs/latest/api/ledger-api/index.html
index d4a6f88..982a10a 100644
--- a/content/docs/latest/api/ledger-api/index.html
+++ b/content/docs/latest/api/ledger-api/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/api/overview/index.html b/content/docs/latest/api/overview/index.html
index 9473c79..937912c 100644
--- a/content/docs/latest/api/overview/index.html
+++ b/content/docs/latest/api/overview/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/deployment/dcos/index.html b/content/docs/latest/deployment/dcos/index.html
index 6c78e1e..93db6d7 100644
--- a/content/docs/latest/deployment/dcos/index.html
+++ b/content/docs/latest/deployment/dcos/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/deployment/kubernetes/index.html b/content/docs/latest/deployment/kubernetes/index.html
index 39a640a..edfa2a6 100644
--- a/content/docs/latest/deployment/kubernetes/index.html
+++ b/content/docs/latest/deployment/kubernetes/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/deployment/manual/index.html b/content/docs/latest/deployment/manual/index.html
index 3cf40b6..3a96c09 100644
--- a/content/docs/latest/deployment/manual/index.html
+++ b/content/docs/latest/deployment/manual/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/development/codebase/index.html b/content/docs/latest/development/codebase/index.html
index 56bf41d..91d96f2 100644
--- a/content/docs/latest/development/codebase/index.html
+++ b/content/docs/latest/development/codebase/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/development/protocol/index.html b/content/docs/latest/development/protocol/index.html
index 1807fd2..2ac8b38 100644
--- a/content/docs/latest/development/protocol/index.html
+++ b/content/docs/latest/development/protocol/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/example/index.html b/content/docs/latest/example/index.html
index 74310bd..f4046aa 100644
--- a/content/docs/latest/example/index.html
+++ b/content/docs/latest/example/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/getting-started/concepts/index.html b/content/docs/latest/getting-started/concepts/index.html
index ddea8ed..4264859 100644
--- a/content/docs/latest/getting-started/concepts/index.html
+++ b/content/docs/latest/getting-started/concepts/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/getting-started/installation/index.html b/content/docs/latest/getting-started/installation/index.html
index 6cc8f36..5c0821c 100644
--- a/content/docs/latest/getting-started/installation/index.html
+++ b/content/docs/latest/getting-started/installation/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/getting-started/run-locally/index.html b/content/docs/latest/getting-started/run-locally/index.html
index 6b62c45..63fd757 100644
--- a/content/docs/latest/getting-started/run-locally/index.html
+++ b/content/docs/latest/getting-started/run-locally/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/reference/cli/index.html b/content/docs/latest/reference/cli/index.html
index 6cf7418..515f981 100644
--- a/content/docs/latest/reference/cli/index.html
+++ b/content/docs/latest/reference/cli/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/reference/config/index.html b/content/docs/latest/reference/config/index.html
index 94e71b2..b08fe70 100644
--- a/content/docs/latest/reference/config/index.html
+++ b/content/docs/latest/reference/config/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/reference/metrics/index.html b/content/docs/latest/reference/metrics/index.html
index 9eedf3c..0638413 100644
--- a/content/docs/latest/reference/metrics/index.html
+++ b/content/docs/latest/reference/metrics/index.html
@@ -333,6 +333,41 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/latest/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
diff --git a/content/docs/latest/getting-started/run-locally/index.html b/content/docs/security/index.html
similarity index 77%
copy from content/docs/latest/getting-started/run-locally/index.html
copy to content/docs/security/index.html
index 6b62c45..30c48d5 100644
--- a/content/docs/latest/getting-started/run-locally/index.html
+++ b/content/docs/security/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
   <head>
-    <title>Apache BookKeeper - Run bookies locally</title>
+    <title>Apache BookKeeper - BookKeeper Security</title>
 
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
@@ -195,7 +195,7 @@
 <aside class="sidebar">
   
   <a class="button is-info">
-    Version : latest
+    Version : security
   </a>
   <hr />
   
@@ -206,21 +206,21 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/getting-started/installation">
+      <a href="/test/content/docs/security/getting-started/installation">
       Installation
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/getting-started/run-locally">
+      <a href="/test/content/docs/security/getting-started/run-locally">
       Run bookies locally
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/getting-started/concepts">
+      <a href="/test/content/docs/security/getting-started/concepts">
       Concepts and architecture
       </a>
     </li>
@@ -234,14 +234,14 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/deployment/manual">
+      <a href="/test/content/docs/security/deployment/manual">
       Manual deployment
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/deployment/dcos">
+      <a href="/test/content/docs/security/deployment/dcos">
       BookKeeper on DC/OS
       </a>
     </li>
@@ -255,28 +255,28 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/admin/bookies">
+      <a href="/test/content/docs/security/admin/bookies">
       BookKeeper administration
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/admin/autorecovery">
+      <a href="/test/content/docs/security/admin/autorecovery">
       AutoRecovery
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/admin/metrics">
+      <a href="/test/content/docs/security/admin/metrics">
       Metric collection
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/admin/upgrade">
+      <a href="/test/content/docs/security/admin/upgrade">
       Upgrade
       </a>
     </li>
@@ -290,28 +290,28 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/api/overview">
+      <a href="/test/content/docs/security/api/overview">
       Overview
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/api/ledger-api">
+      <a href="/test/content/docs/security/api/ledger-api">
       Ledger API
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/api/ledger-adv-api">
+      <a href="/test/content/docs/security/api/ledger-adv-api">
       Advanced Ledger API
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/api/distributedlog-api">
+      <a href="/test/content/docs/security/api/distributedlog-api">
       DistributedLog
       </a>
     </li>
@@ -325,7 +325,7 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/development/protocol">
+      <a href="/test/content/docs/security/development/protocol">
       BookKeeper protocol
       </a>
     </li>
@@ -333,27 +333,62 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
     
     
     <li>
-      <a href="/test/content/docs/latest/reference/config">
+      <a href="/test/content/docs/security/reference/config">
       Configuration
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/reference/cli">
+      <a href="/test/content/docs/security/reference/cli">
       Command-line tools
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/reference/metrics">
+      <a href="/test/content/docs/security/reference/metrics">
       Metrics
       </a>
     </li>
@@ -371,7 +406,7 @@
         <nav class="level bk-level">
           <div class="level-left">
             <div class="level-item">
-              <h1 class="title">Run bookies locally</h1>
+              <h1 class="title">BookKeeper Security</h1>
             </div>
           </div>
           
@@ -384,27 +419,34 @@
 
       <div class="content">
         <section class="bk-main-content">
-          <p><span class="pop" id="bookie-popover">Bookies</span> are individual BookKeeper servers. You can run an ensemble of bookies locally on a single machine using the <a href="../../reference/cli#bookkeeper-localbookie"><code class="highlighter-rouge">localbookie</code></a> command of the <code class="highlighter-rouge">bookkeeper</code> CLI tool and specifying the number of bookies you’d like to include in the ensemble.</p>
+          <p>In the 4.5.0 release, the BookKeeper community added a number of features that can be used, together or separately, to secure a BookKeeper cluster.
+The following security measures are currently supported:</p>
 
-<p>This would start up an ensemble with 10 bookies:</p>
+<ol>
+  <li>Authentication of connections to bookies from clients, using either <a href="./tls">TLS</a> or <a href="./sasl">SASL (Kerberos)</a>.</li>
+  <li>Authentication of connections from clients, bookies, autorecovery daemons to <a href="./zookeeper">ZooKeeper</a>, when using zookeeper based ledger managers.</li>
+  <li>Encryption of data transferred between bookies and clients, between bookies and autorecovery daemons using <a href="./tls">TLS</a>.</li>
+</ol>
 
-<div class="language-shell highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>bookeeper-server/bin/bookeeper localbookie 10
-</code></pre>
-</div>
+<p>It’s worth noting that security is optional - non-secured clusters are supported, as well as a mix of authenticated, unauthenticated, encrypted and non-encrypted clients.</p>
+
+<p>NOTE: currently <code class="highlighter-rouge">authorization</code> is not yet available in <code class="highlighter-rouge">4.5.0</code>. The Apache BookKeeper community is looking for adding this feature in subsequent releases.</p>
+
+<h2 id="next-steps">Next Steps</h2>
 
-<blockquote>
-  <p>When you start up an ensemble using <code class="highlighter-rouge">localbookie</code>, all bookies run in a single JVM process.</p>
-</blockquote>
+<ul>
+  <li><a href="./tls">Encryption and Authentication using TLS</a></li>
+  <li><a href="./sasl">Authentication using SASL</a></li>
+  <li><a href="./zookeeper">ZooKeeper Authentication</a></li>
+</ul>
 
         </section>
 
         
         <nav class="pagination is-centered">
           
-          <a class="pagination-previous" href="../installation">Previous</a>
           
-          
-          <a class="pagination-next" href="../concepts">Next</a>
+          <a class="pagination-next" href="./tls.html">Next</a>
           
           <ul class="pagination-list"></ul>
         </nav>
@@ -414,6 +456,16 @@
 
     <div class="column is-2 is-hidden-mobile">
       
+      
+<div class="toc">
+  <h2 class="title">BookKeeper Security</h2>
+  <ul class="section-nav">
+<li class="toc-entry toc-h2"><a href="#next-steps">Next Steps</a></li>
+</ul>
+</div>
+
+
+      
     </div>
   </div>
 </div>
diff --git a/content/docs/security/sasl/index.html b/content/docs/security/sasl/index.html
new file mode 100644
index 0000000..24b278e
--- /dev/null
+++ b/content/docs/security/sasl/index.html
@@ -0,0 +1,799 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Apache BookKeeper - Authentication using SASL</title>
+
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<link rel="stylesheet" href="/test/content/css/normalize.css">
+<link rel="stylesheet" href="/test/content/css/tippy.css">
+<link rel="stylesheet" href="/test/content/css/style.css">
+
+<link rel="shortcut icon" href="/test/content/img/favicon.ico">
+
+<script src="/test/content/js/tippy.min.js"></script>
+
+<script type="text/javascript">
+  var shiftWindow = function() { scrollBy(0, -108); };
+  window.addEventListener("hashchange", shiftWindow);
+  window.addEventListener("pageshow", shiftWindow);
+  function load() { if (window.location.hash) shiftWindow(); }
+</script>
+
+  </head>
+  <body class="body">
+    <main class="main">
+      
+<nav class="navbar bk-topnav">
+  <div class="navbar-brand">
+    <a class="navbar-item bk-brand" href="/test/content/">
+      Apache BookKeeper
+    </a>
+
+    <!--
+    <a class="navbar-item is-hidden-desktop bk-github" href="https://github.com/apache/bookkeeper" target="_blank">
+      <span class="icon">
+        <i class="fa fa-github"></i>
+      </span>
+    </a>
+
+    <a class="navbar-item is-hidden-desktop bk-twitter" href="https://twitter.com/jgthms" target="_blank">
+      <span class="icon">
+        <i class="fa fa-twitter"></i>
+      </span>
+    </a>
+    -->
+
+    <div class="navbar-burger" data-target="bkNav">
+      <span></span>
+      <span></span>
+      <span></span>
+    </div>
+  </div>
+
+  <div id="bkNav" class="navbar-menu">
+    <div class="navbar-start">
+      <div class="navbar-item has-dropdown is-hoverable">
+        <a class="navbar-link">Documentation</a>
+        <div class="navbar-dropdown is-boxed">
+          <a class="navbar-item" href="/test/content/docs/latest/index.html">
+            Version 4.5.0-SNAPSHOT
+            <span class="tag is-warning">Development</span>
+          </a>
+          <a class="navbar-item" href="/test/content/docs/latest/api/javadoc">
+            <span class="icon bk-javadoc-icon">
+              <img src="/test/content/img/java-icon.svg">
+            </span>
+            Javadoc
+          </a>
+          <hr class="dropdown-divider">
+          
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.4.0">
+            Release 4.4.0
+            <span class="tag is-success">Stable</span>
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.3.2">
+            Release 4.3.2
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.3.1">
+            Release 4.3.1
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.3.0">
+            Release 4.3.0
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.4">
+            Release 4.2.4
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.3">
+            Release 4.2.3
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.2">
+            Release 4.2.2
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.1">
+            Release 4.2.1
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.0">
+            Release 4.2.0
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.1.0">
+            Release 4.1.0
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.0.0">
+            Release 4.0.0
+            
+          </a>
+          
+        </div>
+      </div>
+
+      <div class="navbar-item has-dropdown is-hoverable">
+        <a class="navbar-link">Community</a>
+        <div class="navbar-dropdown is-boxed">
+          <a class="navbar-item" href="/test/content/community/mailing-lists">Mailing lists</a>
+          <a class="navbar-item" href="/test/content/community/slack">Slack</a>
+          <a class="navbar-item" href="/test/content/community/contributing">Contributing</a>
+          <a class="navbar-item" href="https://issues.apache.org/jira/projects/BOOKKEEPER">JIRA Issue Tracker</a>
+        </div>
+      </div>
+
+      <div class="navbar-item has-dropdown is-hoverable">
+        <a class="navbar-link">Project</a>
+        <div class="navbar-dropdown is-boxed">
+          <a class="navbar-item" href="/test/content/project/who">Who are we?</a>
+          <a class="navbar-item" href="/test/content/project/bylaws">Bylaws</a>
+          <a class="navbar-item" href="http://www.apache.org/licenses/">License</a>
+          <hr class="dropdown-divider">
+          <a class="navbar-item" href="/test/content/project/privacy">Privacy policy</a>
+          <a class="navbar-item" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
+          <a class="navbar-item" href="http://www.apache.org/foundation/thanks.html">Thanks</a>
+        </div>
+      </div>
+    </div>
+
+    <div class="navbar-end">
+      <div class="navbar-item">
+        <div class="field is-grouped">
+          <p class="control">
+            <a class="button bk-twitter" href="https://twitter.com/asfbookkeeper">
+              <span class="icon">
+                <i class="fa fa-twitter"></i>
+              </span>
+              <span>Twitter</span>
+            </a>
+          </p>
+          <p class="control">
+            <a class="button" href="https://github.com/apache/bookkeeper">
+              <span class="icon">
+                <i class="fa fa-github"></i>
+              </span>
+              <span>GitHub</span>
+            </a>
+          </p>
+          <p class="control">
+            <a class="button is-primary" href="/test/content/releases">
+              <span class="icon">
+                <i class="fa fa-download"></i>
+              </span>
+              <span>Download</span>
+            </a>
+          </p>
+        </div>
+      </div>
+    </div>
+  </div>
+</nav>
+
+
+      <div class="bk-docs-container">
+  <div class="columns is-gapless">
+    <div class="column is-2 is-hidden-mobile">
+      <div class="container">
+        
+<aside class="sidebar">
+  
+  <a class="button is-info">
+    Version : security
+  </a>
+  <hr />
+  
+  <p>
+    Getting started
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/getting-started/installation">
+      Installation
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/getting-started/run-locally">
+      Run bookies locally
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/getting-started/concepts">
+      Concepts and architecture
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Deployment
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/deployment/manual">
+      Manual deployment
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/deployment/dcos">
+      BookKeeper on DC/OS
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Administration
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/admin/bookies">
+      BookKeeper administration
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/admin/autorecovery">
+      AutoRecovery
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/admin/metrics">
+      Metric collection
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/admin/upgrade">
+      Upgrade
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    API
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/api/overview">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/api/ledger-api">
+      Ledger API
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/api/ledger-adv-api">
+      Advanced Ledger API
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/api/distributedlog-api">
+      DistributedLog
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Development
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/development/protocol">
+      BookKeeper protocol
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Reference
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/reference/config">
+      Configuration
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/reference/cli">
+      Command-line tools
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/reference/metrics">
+      Metrics
+      </a>
+    </li>
+    
+  </ul>
+  
+</aside>
+
+
+      </div>
+    </div>
+
+    <div class="column is-8 bk-docs-block">
+      <header class="docs-title">
+        <nav class="level bk-level">
+          <div class="level-left">
+            <div class="level-item">
+              <h1 class="title">Authentication using SASL</h1>
+            </div>
+          </div>
+          
+        </nav>
+
+        
+      </header>
+
+      <hr />
+
+      <div class="content">
+        <section class="bk-main-content">
+          <p>Bookies support client authentication via SASL. Currently we only support GSSAPI (Kerberos). We will start
+with a general description of how to configure <code class="highlighter-rouge">SASL</code> for bookies, clients and autorecovery daemons, followed
+by mechanism-specific details and wrap up with some operational details.</p>
+
+<h2 id="sasl-configuration-for-bookies">SASL configuration for Bookies</h2>
+
+<ol>
+  <li>Select the mechanisms to enable in the bookies. <code class="highlighter-rouge">GSSAPI</code> is the only mechanism currently supported by BookKeeper.</li>
+  <li>Add a <code class="highlighter-rouge">JAAS</code> config file for the selected mechanisms as described in the examples for setting up <a href="#kerberos">GSSAPI (Kerberos)</a>.</li>
+  <li>
+    <p>Pass the <code class="highlighter-rouge">JAAS</code> config file location as JVM parameter to each Bookie. For example:</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> -Djava.security.auth.login.config<span class="o">=</span>/etc/bookkeeper/bookie_jaas.conf 
+</code></pre>
+    </div>
+  </li>
+  <li>
+    <p>Enable SASL auth plugin in bookies, by setting <code class="highlighter-rouge">bookieAuthProviderFactoryClass</code> to <code class="highlighter-rouge">org.apache.bookkeeper.sasl.SASLBookieAuthProviderFactory</code>.</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> <span class="nv">bookieAuthProviderFactoryClass</span><span class="o">=</span>org.apache.bookkeeper.sasl.SASLBookieAuthProviderFactory
+</code></pre>
+    </div>
+  </li>
+  <li>
+    <p>If you are running <code class="highlighter-rouge">autorecovery</code> along with bookies, then you want to enable SASL auth plugin for <code class="highlighter-rouge">autorecovery</code>, by setting
+ <code class="highlighter-rouge">clientAuthProviderFactoryClass</code> to <code class="highlighter-rouge">org.apache.bookkeeper.sasl.SASLClientProviderFactory</code>.</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> <span class="nv">clientAuthProviderFactoryClass</span><span class="o">=</span>org.apache.bookkeeper.sasl.SASLClientProviderFactory
+</code></pre>
+    </div>
+  </li>
+  <li>Follow the steps in <a href="#kerberos">GSSAPI (Kerberos)</a> to configure SASL.</li>
+</ol>
+
+<h4 id="-important-notes"><a name="notes"></a> Important Notes</h4>
+
+<ol>
+  <li><code class="highlighter-rouge">Bookie</code> is a section name in the JAAS file used by each bookie. This section tells the bookie which principal to use
+ and the location of the keytab where the principal is stored. It allows the bookie to login using the keytab specified in this section.</li>
+  <li><code class="highlighter-rouge">Auditor</code> is a section name in the JASS file used by <code class="highlighter-rouge">autorecovery</code> daemon (it can be co-run with bookies). This section tells the
+ <code class="highlighter-rouge">autorecovery</code> daemon which principal to use and the location of the keytab where the principal is stored. It allows the bookie to
+ login using the keytab specified in this section.</li>
+  <li>The <code class="highlighter-rouge">Client</code> section is used to authenticate a SASL connection with ZooKeeper. It also allows the bookies to set ACLs on ZooKeeper nodes
+ which locks these nodes down so that only the bookies can modify it. It is necessary to have the same primary name across all bookies.
+ If you want to use a section name other than <code class="highlighter-rouge">Client</code>, set the system property <code class="highlighter-rouge">zookeeper.sasl.client</code> to the appropriate name
+ (e.g <code class="highlighter-rouge">-Dzookeeper.sasl.client=ZKClient</code>).</li>
+  <li>ZooKeeper uses <code class="highlighter-rouge">zookeeper</code> as the service name by default. If you want to change this, set the system property
+ <code class="highlighter-rouge">zookeeper.sasl.client.username</code> to the appropriate name (e.g. <code class="highlighter-rouge">-Dzookeeper.sasl.client.username=zk</code>).</li>
+</ol>
+
+<h2 id="sasl-configuration-for-clients">SASL configuration for Clients</h2>
+
+<p>To configure <code class="highlighter-rouge">SASL</code> authentication on the clients:</p>
+
+<ol>
+  <li>Select a <code class="highlighter-rouge">SASL</code> mechanism for authentication and add a <code class="highlighter-rouge">JAAS</code> config file for the selected mechanism as described in the examples for
+ setting up <a href="#kerberos">GSSAPI (Kerberos)</a>.</li>
+  <li>
+    <p>Pass the <code class="highlighter-rouge">JAAS</code> config file location as JVM parameter to each client JVM. For example:</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> -Djava.security.auth.login.config<span class="o">=</span>/etc/bookkeeper/bookkeeper_jaas.conf 
+</code></pre>
+    </div>
+  </li>
+  <li>
+    <p>Configure the following properties in bookkeeper <code class="highlighter-rouge">ClientConfiguration</code>:</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> <span class="nv">clientAuthProviderFactoryClass</span><span class="o">=</span>org.apache.bookkeeper.sasl.SASLClientProviderFactory
+</code></pre>
+    </div>
+  </li>
+</ol>
+
+<p>Follow the steps in <a href="#kerberos">GSSAPI (Kerberos)</a> to configure SASL for the selected mechanism.</p>
+
+<h2 id="-authentication-using-saslkerberos"><a name="kerberos"></a> Authentication using SASL/Kerberos</h2>
+
+<h3 id="prerequisites">Prerequisites</h3>
+
+<h4 id="kerberos">Kerberos</h4>
+
+<p>If your organization is already using a Kerberos server (for example, by using <code class="highlighter-rouge">Active Directory</code>), there is no need to
+install a new server just for BookKeeper. Otherwise you will need to install one, your Linux vendor likely has packages
+for <code class="highlighter-rouge">Kerberos</code> and a short guide on how to install and configure it (<a href="https://help.ubuntu.com/community/Kerberos">Ubuntu</a>,
+<a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/installing-kerberos.html">Redhat</a>).
+Note that if you are using Oracle Java, you will need to download JCE policy files for your Java version and copy them to <code class="highlighter-rouge">$JAVA_HOME/jre/lib/security</code>.</p>
+
+<h4 id="kerberos-principals">Kerberos Principals</h4>
+
+<p>If you are using the organization’s Kerberos or Active Directory server, ask your Kerberos administrator for a principal
+for each Bookie in your cluster and for every operating system user that will access BookKeeper with Kerberos authentication
+(via clients and tools).</p>
+
+<p>If you have installed your own Kerberos, you will need to create these principals yourself using the following commands:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>sudo /usr/sbin/kadmin.local -q <span class="s1">'addprinc -randkey bookkeeper/{hostname}@{REALM}'</span>
+sudo /usr/sbin/kadmin.local -q <span class="s2">"ktadd -k /etc/security/keytabs/{keytabname}.keytab bookkeeper/{hostname}@{REALM}"</span>
+</code></pre>
+</div>
+
+<h5 id="all-hosts-must-be-reachable-using-hostnames">All hosts must be reachable using hostnames</h5>
+
+<p>It is a <em>Kerberos</em> requirement that all your hosts can be resolved with their FQDNs.</p>
+
+<h3 id="configuring-bookies">Configuring Bookies</h3>
+
+<ol>
+  <li>
+    <p>Add a suitably modified JAAS file similar to the one below to each Bookie’s config directory, let’s call it <code class="highlighter-rouge">bookie_jaas.conf</code>
+for this example (note that each bookie should have its own keytab):</p>
+
+    <div class="highlighter-rouge"><pre class="highlight"><code> Bookie {
+     com.sun.security.auth.module.Krb5LoginModule required
+     useKeyTab=true
+     storeKey=true
+     keyTab="/etc/security/keytabs/bookie.keytab"
+     principal="bookkeeper/bk1.hostname.com@EXAMPLE.COM";
+ };
+ // ZooKeeper client authentication
+ Client {
+     com.sun.security.auth.module.Krb5LoginModule required
+     useKeyTab=true
+     storeKey=true
+     keyTab="/etc/security/keytabs/bookie.keytab"
+     principal="bookkeeper/bk1.hostname.com@EXAMPLE.COM";
+ };
+ // If you are running `autorecovery` along with bookies
+ Auditor {
+     com.sun.security.auth.module.Krb5LoginModule required
+     useKeyTab=true
+     storeKey=true
+     keyTab="/etc/security/keytabs/bookie.keytab"
+     principal="bookkeeper/bk1.hostname.com@EXAMPLE.COM";
+ };
+</code></pre>
+    </div>
+
+    <p>The <code class="highlighter-rouge">Bookie</code> section in the JAAS file tells the bookie which principal to use and the location of the keytab where this principal is stored.
+ It allows the bookie to login using the keytab specified in this section. See <a href="#notes">notes</a> for more details on Zookeeper’s SASL configuration.</p>
+  </li>
+  <li>
+    <p>Pass the name of the JAAS file as a JVM parameter to each Bookie:</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> -Djava.security.auth.login.config<span class="o">=</span>/etc/bookkeeper/bookie_jaas.conf
+</code></pre>
+    </div>
+
+    <p>You may also wish to specify the path to the <code class="highlighter-rouge">krb5.conf</code> file
+ (see <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html">JDK’s Kerberos Requirements</a> for more details):</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> -Djava.security.krb5.conf<span class="o">=</span>/etc/bookkeeper/krb5.conf
+</code></pre>
+    </div>
+  </li>
+  <li>
+    <p>Make sure the keytabs configured in the JAAS file are readable by the operating system user who is starting the Bookies.</p>
+  </li>
+  <li>
+    <p>Enable SASL authentication plugin in the bookies by setting following parameters.</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> <span class="nv">bookieAuthProviderFactoryClass</span><span class="o">=</span>org.apache.bookkeeper.sasl.SASLBookieAuthProviderFactory
+ <span class="c"># if you run `autorecovery` along with bookies</span>
+ <span class="nv">clientAuthProviderFactoryClass</span><span class="o">=</span>org.apache.bookkeeper.sasl.SASLClientProviderFactory
+</code></pre>
+    </div>
+  </li>
+</ol>
+
+<h3 id="configuring-clients">Configuring Clients</h3>
+
+<p>To configure SASL authentication on the clients:</p>
+
+<ol>
+  <li>
+    <p>Clients will authenticate to the cluster with their own principal (usually with the same name as the user running the client),
+ so obtain or create these principals as needed. Then create a <code class="highlighter-rouge">JAAS</code> file for each principal. The <code class="highlighter-rouge">BookKeeper</code> section describes
+ how the clients like writers and readers can connect to the Bookies. The following is an example configuration for a client using
+ a keytab (recommended for long-running processes):</p>
+
+    <div class="highlighter-rouge"><pre class="highlight"><code> BookKeeper {
+     com.sun.security.auth.module.Krb5LoginModule required
+     useKeyTab=true
+     storeKey=true
+     keyTab="/etc/security/keytabs/bookkeeper.keytab"
+     principal="bookkeeper-client-1@EXAMPLE.COM";
+ };
+</code></pre>
+    </div>
+  </li>
+  <li>
+    <p>Pass the name of the JAAS file as a JVM parameter to the client JVM:</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> -Djava.security.auth.login.config<span class="o">=</span>/etc/bookkeeper/bookkeeper_jaas.conf
+</code></pre>
+    </div>
+
+    <p>You may also wish to specify the path to the <code class="highlighter-rouge">krb5.conf</code> file (see
+ <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/KerberosReq.html">JDK’s Kerberos Requirements</a> for more details).</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> -Djava.security.krb5.conf<span class="o">=</span>/etc/bookkeeper/krb5.conf
+</code></pre>
+    </div>
+  </li>
+  <li>
+    <p>Make sure the keytabs configured in the <code class="highlighter-rouge">bookkeeper_jaas.conf</code> are readable by the operating system user who is starting bookkeeper client.</p>
+  </li>
+  <li>
+    <p>Enable SASL authentication plugin in the client by setting following parameters.</p>
+
+    <div class="language-shell highlighter-rouge"><pre class="highlight"><code> <span class="nv">clientAuthProviderFactoryClass</span><span class="o">=</span>org.apache.bookkeeper.sasl.SASLClientProviderFactory
+</code></pre>
+    </div>
+  </li>
+</ol>
+
+<h2 id="enabling-logging-for-sasl">Enabling Logging for SASL</h2>
+
+<p>To enable SASL debug output, you can set <code class="highlighter-rouge">sun.security.krb5.debug</code> system property to <code class="highlighter-rouge">true</code>.</p>
+
+
+        </section>
+
+        
+        <nav class="pagination is-centered">
+          
+          <a class="pagination-previous" href="../tls">Previous</a>
+          
+          
+          <a class="pagination-next" href="../zookeeper">Next</a>
+          
+          <ul class="pagination-list"></ul>
+        </nav>
+        
+      </div>
+    </div>
+
+    <div class="column is-2 is-hidden-mobile">
+      
+      
+<div class="toc">
+  <h2 class="title">Authentication using SASL</h2>
+  <ul class="section-nav">
+<li class="toc-entry toc-h2"><a href="#sasl-configuration-for-bookies">SASL configuration for Bookies</a></li>
+<li class="toc-entry toc-h4"><a href="#-important-notes"> Important Notes</a></li>
+<li class="toc-entry toc-h2"><a href="#sasl-configuration-for-clients">SASL configuration for Clients</a></li>
+<li class="toc-entry toc-h2"><a href="#-authentication-using-saslkerberos"> Authentication using SASL/Kerberos</a></li>
+<li class="toc-entry toc-h3"><a href="#prerequisites">Prerequisites</a></li>
+<li class="toc-entry toc-h4"><a href="#kerberos">Kerberos</a></li>
+<li class="toc-entry toc-h4"><a href="#kerberos-principals">Kerberos Principals</a></li>
+<li class="toc-entry toc-h5"><a href="#all-hosts-must-be-reachable-using-hostnames">All hosts must be reachable using hostnames</a></li>
+<li class="toc-entry toc-h3"><a href="#configuring-bookies">Configuring Bookies</a></li>
+<li class="toc-entry toc-h3"><a href="#configuring-clients">Configuring Clients</a></li>
+<li class="toc-entry toc-h2"><a href="#enabling-logging-for-sasl">Enabling Logging for SASL</a></li>
+</ul>
+</div>
+
+
+      
+    </div>
+  </div>
+</div>
+
+
+
+<div id="entry-popover-html" class="popover-template">
+  <p>An entry is a sequence of bytes (plus some metadata) written to a BookKeeper ledger. Entries are also known as records.</p>
+
+</div>
+
+<div id="ledger-popover-html" class="popover-template">
+  <p>A ledger is a sequence of entries written to BookKeeper. Entries are written sequentially to ledgers and at most once, giving ledgers append-only semantics.</p>
+
+</div>
+
+<div id="bookie-popover-html" class="popover-template">
+  <p>A bookie is an individial BookKeeper storage server.</p>
+
+<p>Bookies store the content of ledgers and act as a distributed ensemble.</p>
+
+</div>
+
+<div id="rereplication-popover-html" class="popover-template">
+  <p>A subsystem that runs in the background on bookies to ensure that ledgers are fully replicated even if one bookie from the ensemble is down.</p>
+
+</div>
+
+<div id="striping-popover-html" class="popover-template">
+  <p>Striping is the process of distributing BookKeeper ledgers to sub-groups of bookies rather than to all bookies in a BookKeeper ensemble.</p>
+
+<p>Striping is essential to ensuring fast performance.</p>
+
+</div>
+
+<div id="journal-popover-html" class="popover-template">
+  <p>A journal file stores BookKeeper transaction logs.</p>
+
+</div>
+
+<div id="fencing-popover-html" class="popover-template">
+  <p>When a reader forces a ledger to close, preventing any further entries from being written to the ledger.</p>
+
+</div>
+
+<div id="record-popover-html" class="popover-template">
+  <p>A record is a sequence of bytes (plus some metadata) written to a BookKeeper ledger. Records are also known as entries.</p>
+
+</div>
+
+
+<script type="text/javascript">
+
+tippy('#entry-popover', {
+  html: '#entry-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#ledger-popover', {
+  html: '#ledger-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#bookie-popover', {
+  html: '#bookie-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#rereplication-popover', {
+  html: '#rereplication-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#striping-popover', {
+  html: '#striping-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#journal-popover', {
+  html: '#journal-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#fencing-popover', {
+  html: '#fencing-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#record-popover', {
+  html: '#record-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+</script>
+
+    </main>
+
+    <footer class="footer">
+  <div class="container">
+    <div class="content has-text-centered">
+      <p>
+        Copyright &copy; 2016 - 2017 <a href="https://www.apache.org/">The Apache Software Foundation</a>,<br /> licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, version 2.0</a>.
+      </p>
+    </div>
+  </div>
+</footer>
+
+  </body>
+
+  <script src="/test/content/js/app.js"></script>
+
+</html>
diff --git a/content/docs/security/tls/index.html b/content/docs/security/tls/index.html
new file mode 100644
index 0000000..a1c233a
--- /dev/null
+++ b/content/docs/security/tls/index.html
@@ -0,0 +1,790 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Apache BookKeeper - Encryption and Authentication using TLS</title>
+
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<link rel="stylesheet" href="/test/content/css/normalize.css">
+<link rel="stylesheet" href="/test/content/css/tippy.css">
+<link rel="stylesheet" href="/test/content/css/style.css">
+
+<link rel="shortcut icon" href="/test/content/img/favicon.ico">
+
+<script src="/test/content/js/tippy.min.js"></script>
+
+<script type="text/javascript">
+  var shiftWindow = function() { scrollBy(0, -108); };
+  window.addEventListener("hashchange", shiftWindow);
+  window.addEventListener("pageshow", shiftWindow);
+  function load() { if (window.location.hash) shiftWindow(); }
+</script>
+
+  </head>
+  <body class="body">
+    <main class="main">
+      
+<nav class="navbar bk-topnav">
+  <div class="navbar-brand">
+    <a class="navbar-item bk-brand" href="/test/content/">
+      Apache BookKeeper
+    </a>
+
+    <!--
+    <a class="navbar-item is-hidden-desktop bk-github" href="https://github.com/apache/bookkeeper" target="_blank">
+      <span class="icon">
+        <i class="fa fa-github"></i>
+      </span>
+    </a>
+
+    <a class="navbar-item is-hidden-desktop bk-twitter" href="https://twitter.com/jgthms" target="_blank">
+      <span class="icon">
+        <i class="fa fa-twitter"></i>
+      </span>
+    </a>
+    -->
+
+    <div class="navbar-burger" data-target="bkNav">
+      <span></span>
+      <span></span>
+      <span></span>
+    </div>
+  </div>
+
+  <div id="bkNav" class="navbar-menu">
+    <div class="navbar-start">
+      <div class="navbar-item has-dropdown is-hoverable">
+        <a class="navbar-link">Documentation</a>
+        <div class="navbar-dropdown is-boxed">
+          <a class="navbar-item" href="/test/content/docs/latest/index.html">
+            Version 4.5.0-SNAPSHOT
+            <span class="tag is-warning">Development</span>
+          </a>
+          <a class="navbar-item" href="/test/content/docs/latest/api/javadoc">
+            <span class="icon bk-javadoc-icon">
+              <img src="/test/content/img/java-icon.svg">
+            </span>
+            Javadoc
+          </a>
+          <hr class="dropdown-divider">
+          
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.4.0">
+            Release 4.4.0
+            <span class="tag is-success">Stable</span>
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.3.2">
+            Release 4.3.2
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.3.1">
+            Release 4.3.1
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.3.0">
+            Release 4.3.0
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.4">
+            Release 4.2.4
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.3">
+            Release 4.2.3
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.2">
+            Release 4.2.2
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.1">
+            Release 4.2.1
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.2.0">
+            Release 4.2.0
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.1.0">
+            Release 4.1.0
+            
+          </a>
+          
+          <a class="navbar-item" href="/test/content/archives/docs/r4.0.0">
+            Release 4.0.0
+            
+          </a>
+          
+        </div>
+      </div>
+
+      <div class="navbar-item has-dropdown is-hoverable">
+        <a class="navbar-link">Community</a>
+        <div class="navbar-dropdown is-boxed">
+          <a class="navbar-item" href="/test/content/community/mailing-lists">Mailing lists</a>
+          <a class="navbar-item" href="/test/content/community/slack">Slack</a>
+          <a class="navbar-item" href="/test/content/community/contributing">Contributing</a>
+          <a class="navbar-item" href="https://issues.apache.org/jira/projects/BOOKKEEPER">JIRA Issue Tracker</a>
+        </div>
+      </div>
+
+      <div class="navbar-item has-dropdown is-hoverable">
+        <a class="navbar-link">Project</a>
+        <div class="navbar-dropdown is-boxed">
+          <a class="navbar-item" href="/test/content/project/who">Who are we?</a>
+          <a class="navbar-item" href="/test/content/project/bylaws">Bylaws</a>
+          <a class="navbar-item" href="http://www.apache.org/licenses/">License</a>
+          <hr class="dropdown-divider">
+          <a class="navbar-item" href="/test/content/project/privacy">Privacy policy</a>
+          <a class="navbar-item" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
+          <a class="navbar-item" href="http://www.apache.org/foundation/thanks.html">Thanks</a>
+        </div>
+      </div>
+    </div>
+
+    <div class="navbar-end">
+      <div class="navbar-item">
+        <div class="field is-grouped">
+          <p class="control">
+            <a class="button bk-twitter" href="https://twitter.com/asfbookkeeper">
+              <span class="icon">
+                <i class="fa fa-twitter"></i>
+              </span>
+              <span>Twitter</span>
+            </a>
+          </p>
+          <p class="control">
+            <a class="button" href="https://github.com/apache/bookkeeper">
+              <span class="icon">
+                <i class="fa fa-github"></i>
+              </span>
+              <span>GitHub</span>
+            </a>
+          </p>
+          <p class="control">
+            <a class="button is-primary" href="/test/content/releases">
+              <span class="icon">
+                <i class="fa fa-download"></i>
+              </span>
+              <span>Download</span>
+            </a>
+          </p>
+        </div>
+      </div>
+    </div>
+  </div>
+</nav>
+
+
+      <div class="bk-docs-container">
+  <div class="columns is-gapless">
+    <div class="column is-2 is-hidden-mobile">
+      <div class="container">
+        
+<aside class="sidebar">
+  
+  <a class="button is-info">
+    Version : security
+  </a>
+  <hr />
+  
+  <p>
+    Getting started
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/getting-started/installation">
+      Installation
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/getting-started/run-locally">
+      Run bookies locally
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/getting-started/concepts">
+      Concepts and architecture
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Deployment
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/deployment/manual">
+      Manual deployment
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/deployment/dcos">
+      BookKeeper on DC/OS
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Administration
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/admin/bookies">
+      BookKeeper administration
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/admin/autorecovery">
+      AutoRecovery
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/admin/metrics">
+      Metric collection
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/admin/upgrade">
+      Upgrade
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    API
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/api/overview">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/api/ledger-api">
+      Ledger API
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/api/ledger-adv-api">
+      Advanced Ledger API
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/api/distributedlog-api">
+      DistributedLog
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Development
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/development/protocol">
+      BookKeeper protocol
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
+    Reference
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/reference/config">
+      Configuration
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/reference/cli">
+      Command-line tools
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/reference/metrics">
+      Metrics
+      </a>
+    </li>
+    
+  </ul>
+  
+</aside>
+
+
+      </div>
+    </div>
+
+    <div class="column is-8 bk-docs-block">
+      <header class="docs-title">
+        <nav class="level bk-level">
+          <div class="level-left">
+            <div class="level-item">
+              <h1 class="title">Encryption and Authentication using TLS</h1>
+            </div>
+          </div>
+          
+        </nav>
+
+        
+      </header>
+
+      <hr />
+
+      <div class="content">
+        <section class="bk-main-content">
+          <p>Apache BookKeeper allows clients and autorecovery daemons to communicate over TLS, although this is not enabled by default.</p>
+
+<h2 id="overview">Overview</h2>
+
+<p>The bookies need their own key and certificate in order to use TLS. Clients can optionally provide a key and a certificate
+for mutual authentication.  Each bookie or client can also be configured with a truststore, which is used to
+determine which certificates (bookie or client identities) to trust (authenticate).</p>
+
+<p>The truststore can be configured in many ways. To understand the truststore, consider the following two examples:</p>
+
+<ol>
+  <li>the truststore contains one or many certificates;</li>
+  <li>it contains a certificate authority (CA).</li>
+</ol>
+
+<p>In (1), with a list of certificates, the bookie or client will trust any certificate listed in the truststore.
+In (2), with a CA, the bookie or client will trust any certificate that was signed by the CA in the truststore.</p>
+
+<p>(TBD: benefits)</p>
+
+<h2 id="-generate-tls-key-and-certificate"><a name="bookie-keystore"></a> Generate TLS key and certificate</h2>
+
+<p>The first step of deploying TLS is to generate the key and the certificate for each machine in the cluster.
+You can use Java’s <code class="highlighter-rouge">keytool</code> utility to accomplish this task. We will generate the key into a temporary keystore
+initially so that we can export and sign it later with CA.</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>keytool -keystore bookie.keystore.jks -alias localhost -validity <span class="o">{</span>validity<span class="o">}</span> -genkey
+</code></pre>
+</div>
+
+<p>You need to specify two parameters in the above command:</p>
+
+<ol>
+  <li><code class="highlighter-rouge">keystore</code>: the keystore file that stores the certificate. The <em>keystore</em> file contains the private key of
+ the certificate; hence, it needs to be kept safely.</li>
+  <li><code class="highlighter-rouge">validity</code>: the valid time of the certificate in days.</li>
+</ol>
+
+<div class="alert alert-success">
+Ensure that common name (CN) matches exactly with the fully qualified domain name (FQDN) of the server.
+The client compares the CN with the DNS domain name to ensure that it is indeed connecting to the desired server, not a malicious one.
+</div>
+
+<h2 id="creating-your-own-ca">Creating your own CA</h2>
+
+<p>After the first step, each machine in the cluster has a public-private key pair, and a certificate to identify the machine.
+The certificate, however, is unsigned, which means that an attacker can create such a certificate to pretend to be any machine.</p>
+
+<p>Therefore, it is important to prevent forged certificates by signing them for each machine in the cluster.
+A <code class="highlighter-rouge">certificate authority (CA)</code> is responsible for signing certificates. CA works likes a government that issues passports —
+the government stamps (signs) each passport so that the passport becomes difficult to forge. Other governments verify the stamps
+to ensure the passport is authentic. Similarly, the CA signs the certificates, and the cryptography guarantees that a signed
+certificate is computationally difficult to forge. Thus, as long as the CA is a genuine and trusted authority, the clients have
+high assurance that they are connecting to the authentic machines.</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
+</code></pre>
+</div>
+
+<p>The generated CA is simply a <em>public-private</em> key pair and certificate, and it is intended to sign other certificates.</p>
+
+<p>The next step is to add the generated CA to the clients’ truststore so that the clients can trust this CA:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>keytool -keystore bookie.truststore.jks -alias CARoot -import -file ca-cert
+</code></pre>
+</div>
+
+<p>NOTE: If you configure the bookies to require client authentication by setting <code class="highlighter-rouge">sslClientAuthentication</code> to <code class="highlighter-rouge">true</code> on the
+<a href="../../reference/config">bookie config</a>, then you must also provide a truststore for the bookies and it should have all the CA
+certificates that clients keys were signed by.</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert
+</code></pre>
+</div>
+
+<p>In contrast to the keystore, which stores each machine’s own identity, the truststore of a client stores all the certificates
+that the client should trust. Importing a certificate into one’s truststore also means trusting all certificates that are signed
+by that certificate. As the analogy above, trusting the government (CA) also means trusting all passports (certificates) that
+it has issued. This attribute is called the chain of trust, and it is particularly useful when deploying TLS on a large BookKeeper cluster.
+You can sign all certificates in the cluster with a single CA, and have all machines share the same truststore that trusts the CA.
+That way all machines can authenticate all other machines.</p>
+
+<h2 id="signing-the-certificate">Signing the certificate</h2>
+
+<p>The next step is to sign all certificates in the keystore with the CA we generated. First, you need to export the certificate from the keystore:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>keytool -keystore bookie.keystore.jks -alias localhost -certreq -file cert-file
+</code></pre>
+</div>
+
+<p>Then sign it with the CA:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days <span class="o">{</span>validity<span class="o">}</span> -CAcreateserial -passin pass:<span class="o">{</span>ca-password<span class="o">}</span>
+</code></pre>
+</div>
+
+<p>Finally, you need to import both the certificate of the CA and the signed certificate into the keystore:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>keytool -keystore bookie.keystore.jks -alias CARoot -import -file ca-cert
+keytool -keystore bookie.keystore.jks -alias localhost -import -file cert-signed
+</code></pre>
+</div>
+
+<p>The definitions of the parameters are the following:</p>
+
+<ol>
+  <li><code class="highlighter-rouge">keystore</code>: the location of the keystore</li>
+  <li><code class="highlighter-rouge">ca-cert</code>: the certificate of the CA</li>
+  <li><code class="highlighter-rouge">ca-key</code>: the private key of the CA</li>
+  <li><code class="highlighter-rouge">ca-password</code>: the passphrase of the CA</li>
+  <li><code class="highlighter-rouge">cert-file</code>: the exported, unsigned certificate of the bookie</li>
+  <li><code class="highlighter-rouge">cert-signed</code>: the signed certificate of the bookie</li>
+</ol>
+
+<p>(TBD: add a script to automatically generate truststores and keystores.)</p>
+
+<h2 id="configuring-bookies">Configuring Bookies</h2>
+
+<p>Bookies support TLS for connections on the same service port. In order to enable TLS, you need to configure <code class="highlighter-rouge">tlsProvider</code> to be either
+<code class="highlighter-rouge">JDK</code> or <code class="highlighter-rouge">OpenSSL</code>. If <code class="highlighter-rouge">OpenSSL</code> is configured, it will use <code class="highlighter-rouge">netty-tcnative-boringssl-static</code>, which loads a corresponding binding according
+to the platforms to run bookies.</p>
+
+<blockquote>
+  <p>Current <code class="highlighter-rouge">OpenSSL</code> implementation doesn’t depend on the system installed OpenSSL library. If you want to leverage the OpenSSL installed on
+the system, you can check <a href="http://netty.io/wiki/forked-tomcat-native.html">this example</a> on how to replaces the JARs on the classpath with
+netty bindings to leverage installed OpenSSL.</p>
+</blockquote>
+
+<p>The following TLS configs are needed on the bookie side:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code><span class="nv">tlsProvider</span><span class="o">=</span>OpenSSL
+<span class="c"># key store</span>
+<span class="nv">tlsKeyStoreType</span><span class="o">=</span>JKS
+<span class="nv">tlsKeyStore</span><span class="o">=</span>/var/private/tls/bookie.keystore.jks
+<span class="nv">tlsKeyStorePasswordPath</span><span class="o">=</span>/var/private/tls/bookie.keystore.passwd
+<span class="c"># trust store</span>
+<span class="nv">tlsTrustStoreType</span><span class="o">=</span>JKS
+<span class="nv">tlsTrustStore</span><span class="o">=</span>/var/private/tls/bookie.truststore.jks
+<span class="nv">tlsTrustStorePasswordPath</span><span class="o">=</span>/var/private/tls/bookie.truststore.passwd
+</code></pre>
+</div>
+
+<p>NOTE: it is important to restrict access to the store files and corresponding password files via filesystem permissions.</p>
+
+<p>Optional settings that are worth considering:</p>
+
+<ol>
+  <li>tlsClientAuthentication=false: Enable/Disable using TLS for authentication. This config when enabled will authenticate the other end
+ of the communication channel. It should be enabled on both bookies and clients for mutual TLS.</li>
+  <li>tlsEnabledCipherSuites= A cipher suite is a named combination of authentication, encryption, MAC and key exchange
+ algorithm used to negotiate the security settings for a network connection using TLS network protocol. By default,
+ it is null. <a href="https://www.openssl.org/docs/man1.0.2/apps/ciphers.html">OpenSSL Ciphers</a>
+ <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites">JDK Ciphers</a></li>
+  <li>tlsEnabledProtocols = TLSv1.2,TLSv1.1,TLSv1 (list out the TLS protocols that you are going to accept from clients).
+ By default, it is not set.</li>
+</ol>
+
+<p>To verify the bookie’s keystore and truststore are setup correctly you can run the following command:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>openssl s_client -debug -connect localhost:3181 -tls1
+</code></pre>
+</div>
+
+<p>NOTE: TLSv1 should be listed under <code class="highlighter-rouge">tlsEnabledProtocols</code>.</p>
+
+<p>In the output of this command you should see the server’s certificate:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>-----BEGIN CERTIFICATE-----
+<span class="o">{</span>variable sized random bytes<span class="o">}</span>
+-----END CERTIFICATE-----
+</code></pre>
+</div>
+
+<p>If the certificate does not show up or if there are any other error messages then your keystore is not setup correctly.</p>
+
+<h2 id="configuring-clients">Configuring Clients</h2>
+
+<p>TLS is supported only for the new BookKeeper client (BookKeeper versions 4.5.0 and higher), the older clients are not
+supported. The configs for TLS will be the same as bookies.</p>
+
+<p>If client authentication is not required by the bookies, the following is a minimal configuration example:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code><span class="nv">tlsProvider</span><span class="o">=</span>OpenSSL
+<span class="nv">clientTrustStore</span><span class="o">=</span>/var/private/tls/client.truststore.jks
+<span class="nv">clientTrustStorePasswordPath</span><span class="o">=</span>/var/private/tls/client.truststore.passwd
+</code></pre>
+</div>
+
+<p>If client authentication is required, then a keystore must be created for each client, and the bookies’ truststores must
+trust the certificate in the client’s keystore. This may be done using commands that are similar to what we used for
+the <a href="#bookie-keystore">bookie keystore</a>.</p>
+
+<p>And the following must also be configured:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code><span class="nv">tlsClientAuthentication</span><span class="o">=</span><span class="nb">true
+</span><span class="nv">clientKeyStore</span><span class="o">=</span>/var/private/tls/client.keystore.jks
+<span class="nv">clientKeyStorePasswordPath</span><span class="o">=</span>/var/private/tls/client.keystore.passwd
+</code></pre>
+</div>
+
+<p>NOTE: it is important to restrict access to the store files and corresponding password files via filesystem permissions.</p>
+
+<p>(TBD: add example to use tls in bin/bookkeeper script?)</p>
+
+<h2 id="enabling-tls-logging">Enabling TLS Logging</h2>
+
+<p>You can enable TLS debug logging at the JVM level by starting the bookies and/or clients with <code class="highlighter-rouge">javax.net.debug</code> system property. For example:</p>
+
+<div class="language-shell highlighter-rouge"><pre class="highlight"><code>-Djavax.net.debug<span class="o">=</span>all
+</code></pre>
+</div>
+
+<p>You can find more details on this in <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html">Oracle documentation</a> on
+<a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html">debugging SSL/TLS connections</a>.</p>
+
+        </section>
+
+        
+        <nav class="pagination is-centered">
+          
+          <a class="pagination-previous" href="../index.html">Previous</a>
+          
+          
+          <a class="pagination-next" href="../sasl">Next</a>
+          
+          <ul class="pagination-list"></ul>
+        </nav>
+        
+      </div>
+    </div>
+
+    <div class="column is-2 is-hidden-mobile">
+      
+      
+<div class="toc">
+  <h2 class="title">Encryption and Authentication using TLS</h2>
+  <ul class="section-nav">
+<li class="toc-entry toc-h2"><a href="#overview">Overview</a></li>
+<li class="toc-entry toc-h2"><a href="#-generate-tls-key-and-certificate"> Generate TLS key and certificate</a></li>
+<li class="toc-entry toc-h2"><a href="#creating-your-own-ca">Creating your own CA</a></li>
+<li class="toc-entry toc-h2"><a href="#signing-the-certificate">Signing the certificate</a></li>
+<li class="toc-entry toc-h2"><a href="#configuring-bookies">Configuring Bookies</a></li>
+<li class="toc-entry toc-h2"><a href="#configuring-clients">Configuring Clients</a></li>
+<li class="toc-entry toc-h2"><a href="#enabling-tls-logging">Enabling TLS Logging</a></li>
+</ul>
+</div>
+
+
+      
+    </div>
+  </div>
+</div>
+
+
+
+<div id="entry-popover-html" class="popover-template">
+  <p>An entry is a sequence of bytes (plus some metadata) written to a BookKeeper ledger. Entries are also known as records.</p>
+
+</div>
+
+<div id="ledger-popover-html" class="popover-template">
+  <p>A ledger is a sequence of entries written to BookKeeper. Entries are written sequentially to ledgers and at most once, giving ledgers append-only semantics.</p>
+
+</div>
+
+<div id="bookie-popover-html" class="popover-template">
+  <p>A bookie is an individial BookKeeper storage server.</p>
+
+<p>Bookies store the content of ledgers and act as a distributed ensemble.</p>
+
+</div>
+
+<div id="rereplication-popover-html" class="popover-template">
+  <p>A subsystem that runs in the background on bookies to ensure that ledgers are fully replicated even if one bookie from the ensemble is down.</p>
+
+</div>
+
+<div id="striping-popover-html" class="popover-template">
+  <p>Striping is the process of distributing BookKeeper ledgers to sub-groups of bookies rather than to all bookies in a BookKeeper ensemble.</p>
+
+<p>Striping is essential to ensuring fast performance.</p>
+
+</div>
+
+<div id="journal-popover-html" class="popover-template">
+  <p>A journal file stores BookKeeper transaction logs.</p>
+
+</div>
+
+<div id="fencing-popover-html" class="popover-template">
+  <p>When a reader forces a ledger to close, preventing any further entries from being written to the ledger.</p>
+
+</div>
+
+<div id="record-popover-html" class="popover-template">
+  <p>A record is a sequence of bytes (plus some metadata) written to a BookKeeper ledger. Records are also known as entries.</p>
+
+</div>
+
+
+<script type="text/javascript">
+
+tippy('#entry-popover', {
+  html: '#entry-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#ledger-popover', {
+  html: '#ledger-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#bookie-popover', {
+  html: '#bookie-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#rereplication-popover', {
+  html: '#rereplication-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#striping-popover', {
+  html: '#striping-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#journal-popover', {
+  html: '#journal-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#fencing-popover', {
+  html: '#fencing-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+tippy('#record-popover', {
+  html: '#record-popover-html',
+  arrow: true,
+  animation: 'fade'
+});
+
+</script>
+
+    </main>
+
+    <footer class="footer">
+  <div class="container">
+    <div class="content has-text-centered">
+      <p>
+        Copyright &copy; 2016 - 2017 <a href="https://www.apache.org/">The Apache Software Foundation</a>,<br /> licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, version 2.0</a>.
+      </p>
+    </div>
+  </div>
+</footer>
+
+  </body>
+
+  <script src="/test/content/js/app.js"></script>
+
+</html>
diff --git a/content/docs/latest/getting-started/run-locally/index.html b/content/docs/security/zookeeper/index.html
similarity index 66%
copy from content/docs/latest/getting-started/run-locally/index.html
copy to content/docs/security/zookeeper/index.html
index 6b62c45..e2a86f1 100644
--- a/content/docs/latest/getting-started/run-locally/index.html
+++ b/content/docs/security/zookeeper/index.html
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
   <head>
-    <title>Apache BookKeeper - Run bookies locally</title>
+    <title>Apache BookKeeper - ZooKeeper Authentication</title>
 
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
@@ -195,7 +195,7 @@
 <aside class="sidebar">
   
   <a class="button is-info">
-    Version : latest
+    Version : security
   </a>
   <hr />
   
@@ -206,21 +206,21 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/getting-started/installation">
+      <a href="/test/content/docs/security/getting-started/installation">
       Installation
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/getting-started/run-locally">
+      <a href="/test/content/docs/security/getting-started/run-locally">
       Run bookies locally
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/getting-started/concepts">
+      <a href="/test/content/docs/security/getting-started/concepts">
       Concepts and architecture
       </a>
     </li>
@@ -234,14 +234,14 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/deployment/manual">
+      <a href="/test/content/docs/security/deployment/manual">
       Manual deployment
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/deployment/dcos">
+      <a href="/test/content/docs/security/deployment/dcos">
       BookKeeper on DC/OS
       </a>
     </li>
@@ -255,28 +255,28 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/admin/bookies">
+      <a href="/test/content/docs/security/admin/bookies">
       BookKeeper administration
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/admin/autorecovery">
+      <a href="/test/content/docs/security/admin/autorecovery">
       AutoRecovery
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/admin/metrics">
+      <a href="/test/content/docs/security/admin/metrics">
       Metric collection
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/admin/upgrade">
+      <a href="/test/content/docs/security/admin/upgrade">
       Upgrade
       </a>
     </li>
@@ -290,28 +290,28 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/api/overview">
+      <a href="/test/content/docs/security/api/overview">
       Overview
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/api/ledger-api">
+      <a href="/test/content/docs/security/api/ledger-api">
       Ledger API
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/api/ledger-adv-api">
+      <a href="/test/content/docs/security/api/ledger-adv-api">
       Advanced Ledger API
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/api/distributedlog-api">
+      <a href="/test/content/docs/security/api/distributedlog-api">
       DistributedLog
       </a>
     </li>
@@ -325,7 +325,7 @@
     
     
     <li>
-      <a href="/test/content/docs/latest/development/protocol">
+      <a href="/test/content/docs/security/development/protocol">
       BookKeeper protocol
       </a>
     </li>
@@ -333,27 +333,62 @@
   </ul>
   
   <p>
+    Security
+  </p>
+  <ul class="sidebar-items">
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/index">
+      Overview
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/tls">
+      TLS Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/sasl">
+      SASL Authentication
+      </a>
+    </li>
+    
+    
+    <li>
+      <a href="/test/content/docs/security/security/zookeeper">
+      ZooKeeper Authentication
+      </a>
+    </li>
+    
+  </ul>
+  
+  <p>
     Reference
   </p>
   <ul class="sidebar-items">
     
     
     <li>
-      <a href="/test/content/docs/latest/reference/config">
+      <a href="/test/content/docs/security/reference/config">
       Configuration
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/reference/cli">
+      <a href="/test/content/docs/security/reference/cli">
       Command-line tools
       </a>
     </li>
     
     
     <li>
-      <a href="/test/content/docs/latest/reference/metrics">
+      <a href="/test/content/docs/security/reference/metrics">
       Metrics
       </a>
     </li>
@@ -371,7 +406,7 @@
         <nav class="level bk-level">
           <div class="level-left">
             <div class="level-item">
-              <h1 class="title">Run bookies locally</h1>
+              <h1 class="title">ZooKeeper Authentication</h1>
             </div>
           </div>
           
@@ -384,27 +419,58 @@
 
       <div class="content">
         <section class="bk-main-content">
-          <p><span class="pop" id="bookie-popover">Bookies</span> are individual BookKeeper servers. You can run an ensemble of bookies locally on a single machine using the <a href="../../reference/cli#bookkeeper-localbookie"><code class="highlighter-rouge">localbookie</code></a> command of the <code class="highlighter-rouge">bookkeeper</code> CLI tool and specifying the number of bookies you’d like to include in the ensemble.</p>
+          <h2 id="new-clusters">New Clusters</h2>
 
-<p>This would start up an ensemble with 10 bookies:</p>
+<p>To enable <code class="highlighter-rouge">ZooKeeper</code> authentication on Bookies or Clients, there are two necessary steps:</p>
 
-<div class="language-shell highlighter-rouge"><pre class="highlight"><code><span class="gp">$ </span>bookeeper-server/bin/bookeeper localbookie 10
-</code></pre>
-</div>
+<ol>
+  <li>Create a <code class="highlighter-rouge">JAAS</code> login file and set the appropriate system property to point to it as described in <a href="../sasl#notes">GSSAPI (Kerberos)</a>.</li>
+  <li>Set the configuration property <code class="highlighter-rouge">zkEnableSecurity</code> in each bookie to <code class="highlighter-rouge">true</code>.</li>
+</ol>
+
+<p>The metadata stored in <code class="highlighter-rouge">ZooKeeper</code> is such that only certain clients will be able to modify and read the corresponding znodes.
+The rationale behind this decision is that the data stored in ZooKeeper is not sensitive, but inappropriate manipulation of znodes can cause cluster
+disruption.</p>
+
+<h2 id="migrating-clusters">Migrating Clusters</h2>
+
+<p>If you are running a version of BookKeeper that does not support security or simply with security disabled, and you want to make the cluster secure,
+then you need to execute the following steps to enable ZooKeeper authentication with minimal disruption to your operations.</p>
+
+<ol>
+  <li>Perform a rolling restart setting the <code class="highlighter-rouge">JAAS</code> login file, which enables bookie or clients to authenticate. At the end of the rolling restart,
+ bookies (or clients) are able to manipulate znodes with strict ACLs, but they will not create znodes with those ACLs.</li>
+  <li>Perform a second rolling restart of bookies, this time setting the configuration parameter <code class="highlighter-rouge">zkEnableSecurity</code> to true, which enables the use
+ of secure ACLs when creating znodes.</li>
+  <li>Currently we don’t have provide a tool to set acls on old znodes. You are recommended to set it manually using ZooKeeper tools.</li>
+</ol>
 
-<blockquote>
-  <p>When you start up an ensemble using <code class="highlighter-rouge">localbookie</code>, all bookies run in a single JVM process.</p>
-</blockquote>
+<p>It is also possible to turn off authentication in a secured cluster. To do it, follow these steps:</p>
+
+<ol>
+  <li>Perform a rolling restart of bookies setting the <code class="highlighter-rouge">JAAS</code> login file, which enable bookies to authenticate, but setting <code class="highlighter-rouge">zkEnableSecurity</code> to <code class="highlighter-rouge">false</code>.
+ At the end of rolling restart, bookies stop creating znodes with secure ACLs, but are still able to authenticate and manipulate all znodes.</li>
+  <li>You can use ZooKeeper tools to manually reset all ACLs under the znode set in <code class="highlighter-rouge">zkLedgersRootPath</code>, which defaults to <code class="highlighter-rouge">/ledgers</code>.</li>
+  <li>Perform a second rolling restart of bookies, this time omitting the system property that sets the <code class="highlighter-rouge">JAAS</code> login file.</li>
+</ol>
+
+<h2 id="migrating-the-zookeeper-ensemble">Migrating the ZooKeeper ensemble</h2>
+
+<p>It is also necessary to enable authentication on the <code class="highlighter-rouge">ZooKeeper</code> ensemble. To do it, we need to perform a rolling restart of the ensemble and
+set a few properties. Please refer to the ZooKeeper documentation for more details.</p>
+
+<ol>
+  <li><a href="http://zookeeper.apache.org/doc/r3.4.6/zookeeperProgrammers.html#sc_ZooKeeperAccessControl">Apache ZooKeeper Documentation</a></li>
+  <li><a href="https://cwiki.apache.org/confluence/display/ZOOKEEPER/Zookeeper+and+SASL">Apache ZooKeeper Wiki</a></li>
+</ol>
 
         </section>
 
         
         <nav class="pagination is-centered">
           
-          <a class="pagination-previous" href="../installation">Previous</a>
-          
+          <a class="pagination-previous" href="../sasl">Previous</a>
           
-          <a class="pagination-next" href="../concepts">Next</a>
           
           <ul class="pagination-list"></ul>
         </nav>
@@ -414,6 +480,18 @@
 
     <div class="column is-2 is-hidden-mobile">
       
+      
+<div class="toc">
+  <h2 class="title">ZooKeeper Authentication</h2>
+  <ul class="section-nav">
+<li class="toc-entry toc-h2"><a href="#new-clusters">New Clusters</a></li>
+<li class="toc-entry toc-h2"><a href="#migrating-clusters">Migrating Clusters</a></li>
+<li class="toc-entry toc-h2"><a href="#migrating-the-zookeeper-ensemble">Migrating the ZooKeeper ensemble</a></li>
+</ul>
+</div>
+
+
+      
     </div>
   </div>
 </div>

-- 
To stop receiving notification emails like this one, please contact
['"commits@bookkeeper.apache.org" <commits@bookkeeper.apache.org>'].

Mime
View raw message