nodece commented on code in PR #432: URL: https://github.com/apache/pulsar-site/pull/432#discussion_r1118803274
########## docs/security-tls-authentication.md: ########## 
@@ -1,45 +1,92 @@ --- id: security-tls-authentication -title: Authentication using TLS -sidebar_label: "Authentication using TLS" +title: Authentication using mTLS +sidebar_label: "Authentication using mTLS" --- ````mdx-code-block import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; ```` -## TLS authentication overview +## mTLS authentication overview -TLS authentication is an extension of [TLS transport encryption](security-tls-transport.md). Not only servers have keys and certs that the client uses to verify the identity of servers, clients also have keys and certs that the server uses to verify the identity of clients. You must have TLS transport encryption configured on your cluster before you can use TLS authentication. This guide assumes you already have TLS transport encryption configured. +Mutual TLS (mTLS) is a mutual authentication mechanism. Not only servers have keys and certs that the client uses to verify the identity of servers, clients also have keys and certs that the server uses to verify the identity of clients. -## Enable TLS authentication on brokers/proxies +The following figure illustrates how Pulsar processes mTLS authentication between clients and servers. -To configure brokers/proxies to authenticate clients using Mutual TLS, add the following parameters to the `conf/broker.conf` and the `conf/proxy.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file: + + +## Enable mTLS authentication on brokers + +To configure brokers to authenticate clients using mTLS, add the following parameters to the `conf/broker.conf`. 
If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file: ```properties -# Configuration to enable authentication +# enable authentication authenticationEnabled=true +# set TLS authentication plugin Review Comment: ```suggestion # set TLS authentication provider ``` ########## docs/security-tls-authentication.md: ########## 
@@ -1,45 +1,92 @@ --- id: security-tls-authentication -title: Authentication using TLS -sidebar_label: "Authentication using TLS" +title: Authentication using mTLS +sidebar_label: "Authentication using mTLS" --- ````mdx-code-block import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; ```` -## TLS authentication overview +## mTLS authentication overview -TLS authentication is an extension of [TLS transport encryption](security-tls-transport.md). Not only servers have keys and certs that the client uses to verify the identity of servers, clients also have keys and certs that the server uses to verify the identity of clients. You must have TLS transport encryption configured on your cluster before you can use TLS authentication. This guide assumes you already have TLS transport encryption configured. +Mutual TLS (mTLS) is a mutual authentication mechanism. Not only servers have keys and certs that the client uses to verify the identity of servers, clients also have keys and certs that the server uses to verify the identity of clients. -## Enable TLS authentication on brokers/proxies +The following figure illustrates how Pulsar processes mTLS authentication between clients and servers. -To configure brokers/proxies to authenticate clients using Mutual TLS, add the following parameters to the `conf/broker.conf` and the `conf/proxy.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file: + + +## Enable mTLS authentication on brokers + +To configure brokers to authenticate clients using mTLS, add the following parameters to the `conf/broker.conf`. 
If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file: ```properties -# Configuration to enable authentication +# enable authentication authenticationEnabled=true +# set TLS authentication plugin Review Comment: ```suggestion # set mTLS authentication provider ```
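Review bot: In the rewritten overview paragraph, the prerequisite that TLS transport encryption must already be configured is removed together with the link to security-tls-transport.md, so a reader can set `authenticationEnabled=true` without being told that the transport settings come first. Consider keeping one sentence such as "You must have TLS transport encryption configured on your cluster before you can use mTLS authentication" with the link to that page. The section heading and its intro also drop proxies and `conf/proxy.conf`; if the part of the file not shown here does not cover proxies, that guidance is lost.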
