bbende commented on a change in pull request #3360: Documentation :
ConsumerKafka_2_0 - updated configuration details re…
URL: https://github.com/apache/nifi/pull/3360#discussion_r264765536
##########
File path:
nifi-nar-bundles/nifi-kafka-bundle/nifi-kafka-2-0-processors/src/main/resources/docs/org.apache.nifi.processors.kafka.pubsub.ConsumeKafkaRecord_2_0/additionalDetails.html
##########
@@ -112,16 +126,59 @@ <h4>SASL_PLAINTEXT - PLAIN</h4>
password="nifi-password";
};
</pre>
+ The JAAS configuration can be provided by either of below ways
+ <ol type="1">
+ <li>specify the java.security.auth.login.config system property in
+ NiFi's bootstrap.conf. This limits you to use only one user
credential across the cluster.</li>
+ <pre>
+
java.arg.16=-Djava.security.auth.login.config=/path/to/kafka_client_jaas.conf
+ </pre>
+ <li>add user attribute 'sasl.jaas.config' in the processor
configurations. This method allows one to have multiple consumers with
different user credentials or gives flexibility to consume from multiple kafka
clusters.</li>
+ <pre>
+ sasl.jaas.config :
org.apache.kafka.common.security.plain.PlainLoginModule required
+ username="nifi"
+ password="nifi-password";
+ </pre>
Review comment:
Can we make a note right after this pre element and say that the password
will be stored in plain-text in the flow.xml.gz? I want to make sure users are
aware that this value won't be secured in any way.
Here is the text I would use...
> NOTE: The dynamic properties of this processor are not secured and as a
result the password entered when utilizing sasl.jaas.config will be stored in
the flow.xml.gz file in plain-text, and will be saved to NiFi Registry if using
versioned flows.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
