kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jun...@apache.org
Subject kafka git commit: trivial change to 0.9.0 docs to fix incorrect ssl.key.password
Date Fri, 20 Nov 2015 21:47:42 GMT
Repository: kafka
Updated Branches:
  refs/heads/trunk b609645dc -> a7726ee65


trivial change to 0.9.0 docs to fix incorrect ssl.key.password


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/a7726ee6
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/a7726ee6
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/a7726ee6

Branch: refs/heads/trunk
Commit: a7726ee651ac3b23fd5a4925b9a324c3462ea127
Parents: b609645
Author: Jun Rao <junrao@gmail.com>
Authored: Fri Nov 20 13:46:15 2015 -0800
Committer: Jun Rao <junrao@gmail.com>
Committed: Fri Nov 20 13:47:27 2015 -0800

----------------------------------------------------------------------
 docs/security.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/a7726ee6/docs/security.html
----------------------------------------------------------------------
diff --git a/docs/security.html b/docs/security.html
index b697d53..b49fbed 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -115,7 +115,7 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled
but
         <pre>
         ssl.keystore.location = /var/private/ssl/kafka.server.keystore.jks
         ssl.keystore.password = test1234
-        ssl.key.password = test1234
+        ssl.keystore.password = test1234
         ssl.truststore.location = /var/private/ssl/kafka.server.truststore.jks
         ssl.truststore.password = test1234</pre>
 
@@ -163,7 +163,7 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled
but
         <pre>
         ssl.keystore.location = "/var/private/ssl/kafka.client.keystore.jks"
         ssl.keystore.password = "test1234"
-        ssl.key.password = "test1234"</pre>
+        ssl.keystore.password = "test1234"</pre>
         Other configuration settings that may also be needed depending on our requirements
and the broker configuration:
             <ol>
                 <li>ssl.provider (Optional). The name of the security provider used
for SSL connections. Default value is the default security provider of the JVM.</li>
@@ -276,9 +276,9 @@ Apache Kafka allows clients to connect over SSL. By default SSL is disabled
but
 </ol>
 
 <h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3>
-Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that
uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal
P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the
acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer
CLI. By default, if a Resource R has no associated acls, no one other than super users is
allowed to access R. If you want change that behavior, you can include the following in broker.properties.
+Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that
uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal
P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the
acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer
CLI. By default, if a Resource R has no associated acls, no one other than super users is
allowed to access R. If you want to change that behavior, you can include the following in
broker.properties.
 <pre>allow.everyone.if.no.acl.found=true</pre>
-One can also add super users in broker.properties like the following.
+One can also add super users in broker.properties like the following (note that the delimiter
is semicolon since SSL user names may contain comma).
 <pre>super.users=User:Bob;User:Alice</pre>
 By default, the SSL user name will be of the form "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown".
One can change that by setting a customized PrincipalBuilder in broker.properties like the
following.
 <pre>principal.builder.class=CustomizedPrincipalBuilderClass</pre>


Mime
View raw message