This is an automated email from the ASF dual-hosted git repository.
junrao pushed a commit to branch 2.1
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.1 by this push:
new 4fe48f3 KAFKA-3097: Update docs to mention PrincipalType "User" is
case sensitive (#5734)
4fe48f3 is described below
commit 4fe48f36a276f8875241feab61ce618d5cdced80
Author: Manikumar Reddy O <manikumar.re...@gmail.com>
AuthorDate: Wed Oct 10 00:22:57 2018 +0530
KAFKA-3097: Update docs to mention PrincipalType "User" is case sensitive
(#5734)
Reviewers: Jun Rao <jun...@gmail.com>
---
docs/security.html | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/security.html b/docs/security.html
index 72ba239..b018334 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -1018,7 +1018,7 @@
<pre>authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer</pre>
Kafka acls are defined in the general format of "Principal P is
[Allowed/Denied] Operation O From Host H on any Resource R matching
ResourcePattern RP". You can read more about the acl structure in KIP-11 and
resource patterns in KIP-290. In order to add, remove or list acls you can use
the Kafka authorizer CLI. By default, if no ResourcePatterns match a specific
Resource R, then R has no associated acls, and therefore no one other than
super users is allowed to access R. If you want [...]
<pre>allow.everyone.if.no.acl.found=true</pre>
- One can also add super users in server.properties like the following (note
that the delimiter is semicolon since SSL user names may contain comma).
+ One can also add super users in server.properties like the following (note
that the delimiter is semicolon since SSL user names may contain comma).
Default PrincipalType string "User" is case sensitive.
<pre>super.users=User:Bob;User:Alice</pre>
By default, the SSL user name will be of the form
"CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown". One can
change that by setting a customized PrincipalBuilder in server.properties like
the following.
<pre>principal.builder.class=CustomizedPrincipalBuilderClass</pre>
@@ -1119,19 +1119,19 @@
</tr>
<tr>
<td>--allow-principal</td>
- <td>Principal is in PrincipalType:name format that will be added
to ACL with Allow permission. <br>You can specify multiple --allow-principal in
a single command.</td>
+ <td>Principal is in PrincipalType:name format that will be added
to ACL with Allow permission. Default PrincipalType string "User" is case
sensitive. <br>You can specify multiple --allow-principal in a single
command.</td>
<td></td>
<td>Principal</td>
</tr>
<tr>
<td>--deny-principal</td>
- <td>Principal is in PrincipalType:name format that will be added
to ACL with Deny permission. <br>You can specify multiple --deny-principal in a
single command.</td>
+ <td>Principal is in PrincipalType:name format that will be added
to ACL with Deny permission. Default PrincipalType string "User" is case
sensitive. <br>You can specify multiple --deny-principal in a single
command.</td>
<td></td>
<td>Principal</td>
</tr>
<tr>
<td>--principal</td>
- <td>Principal is in PrincipalType:name format that will be used
along with --list option. This will list the ACLs for the specified principal.
<br>You can specify multiple --principal in a single command.</td>
+ <td>Principal is in PrincipalType:name format that will be used
along with --list option. Default PrincipalType string "User" is case
sensitive. This will list the ACLs for the specified principal. <br>You can
specify multiple --principal in a single command.</td>
<td></td>
<td>Principal</td>
</tr>
