bbende commented on a change in pull request #3360: Documentation :  
ConsumerKafka_2_0 - updated configuration details re…
URL: https://github.com/apache/nifi/pull/3360#discussion_r264765536
 
 

 ##########
 File path: 
nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-2-0-processors/src/main/resources/docs/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_2_0/additionalDetails.html
 ##########
 @@ -112,16 +126,59 @@ <h4>SASL_PLAINTEXT - PLAIN</h4>
       password="nifi-password";
     };
             </pre>
+        The JAAS configuration can be provided by either of below ways
+        <ol type="1">
+            <li>specify the java.security.auth.login.config system property in
+                NiFi's bootstrap.conf. This limits you to use only one user 
credential across the cluster.</li>
+            <pre>
+                
java.arg.16=-Djava.security.auth.login.config=/path/to/kafka_client_jaas.conf
+            </pre>
+            <li>add user attribute 'sasl.jaas.config' in the processor 
configurations. This method allows one to have multiple consumers with 
different user credentials or gives flexibility to consume from multiple kafka 
clusters.</li>
+            <pre>
+                sasl.jaas.config : 
org.apache.kafka.common.security.plain.PlainLoginModule required
+                                        username="nifi"
+                                        password="nifi-password";
+            </pre>
 
 Review comment:
   Can we make a note right after this pre element and say that the password 
will be stored in plain-text in the flow.xml.gz? I want to make sure users are 
aware that this value won't be secured in any way.
   
   Here is the text I would use...
   
   > NOTE: The dynamic properties of this processor are not secured and as a 
result the password entered when utilizing sasl.jaas.config will be stored in 
the flow.xml.gz file in plain-text, and will be saved to NiFi Registry if using 
versioned flows.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to