Github user d2r commented on a diff in the pull request:
https://github.com/apache/storm/pull/2886#discussion_r226364665
--- Diff: docs/SECURITY.md ---
@@ -94,6 +110,17 @@ curl -i --negotiate -u:anyUser -b ~/cookiejar.txt -c
~/cookiejar.txt http://s
**Caution**: In AD MIT Keberos setup the key size is bigger than the
default UI jetty server request header size. Make sure you set
ui.header.buffer.bytes to 65536 in storm.yaml. More details are on
[STORM-633](https://issues.apache.org/jira/browse/STORM-633)
+## DRPC HTTP
+
+The DRPC server optionally supports a REST endpoint as well, and you can
configure authentication
+on that endpoint similar to the ui/logviewer.
+
+The `drpc.http.filter` and `drpc.http.filter.params` configs can be used
to setup a `Filter` for the DRPC server. Unlike the logviewer
+it does not fall back to the UI configs as the DRPC server is intended to
be REST only and often will be hit by headless users.
+
+The `drpc.http.creds.plugin` confg can be used in cases where the default
plugin is not good enough because of how authentication happens.
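Review bot: The `drpc.http.filter` paragraph says the DRPC server does not fall back to the UI configs, but it never states what the endpoint does when `drpc.http.filter` is left unset. That is the situation of an operator who has only secured the UI. Suggest stating the default explicitly in that paragraph (for example, that no filter is applied unless one is configured, if that is the actual behaviour). In the last added paragraph, `drpc.http.creds.plugin` is described only as being for cases where the default plugin is "not good enough because of how authentication happens". Name the default plugin and the interface a replacement must implement, and give one concrete case where it is needed. Wording in the same lines: "confg" should be "config", and "to setup" should be "to set up".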
--- End diff --
`config`
---