showuon commented on a change in pull request #10002:
URL: https://github.com/apache/kafka/pull/10002#discussion_r570831039
##########
File path: docs/security.html
##########
@@ -320,10 +320,10 @@ <h5>SSL key and certificates in PEM format</h5>
<pre>listeners</code></pre>
If SSL is not enabled for inter-broker communication (see below
for how to enable it), both PLAINTEXT and SSL ports will be necessary.
- <pre class="line-numbers"><code class="language-text">
listeners=PLAINTEXT://host.name:port,SSL://host.name:port</code></pre>
+ <pre class="line-numbers"><code
class="language-text">listeners=PLAINTEXT://host.name:port,SSL://host.name:port</code></pre>
Following SSL configs are needed on the broker side
- <pre class="line-numbers"><code class="language-text">
ssl.keystore.location=/var/private/ssl/server.keystore.jks
+ <pre class="line-numbers"><code
class="language-text">ssl.keystore.location=/var/private/ssl/server.keystore.jks
Review comment:
Nice catch! Updated!
##########
File path: docs/security.html
##########
@@ -434,14 +434,14 @@ <h3 class="anchor-heading"><a id="security_sasl"
class="anchor-link"></a><a href
login module may be specified in the config value. If multiple
mechanisms are configured on a
listener, configs must be provided for each mechanism using the
listener and mechanism prefix.
For example,
- <pre class="line-numbers"><code class="language-text">
listener.name.sasl_ssl.scram-sha-256.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
required \
- username="admin" \
- password="admin-secret";
-
listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule
required \
- username="admin" \
- password="admin-secret" \
- user_admin="admin-secret" \
- user_alice="alice-secret";</code></pre>
+ <pre class="line-numbers"><code
class="language-text">listener.name.sasl_ssl.scram-sha-256.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
required \
+ username="admin" \
+ password="admin-secret";
+listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule
required \
+ username="admin" \
+ password="admin-secret" \
+ user_admin="admin-secret" \
+ user_alice="alice-secret";</code></pre>
Review comment:
We use the ending "\" to indicate there is next line, so there should be
indent here. And same as other places.
##########
File path: docs/security.html
##########
@@ -491,13 +491,13 @@ <h3 class="anchor-heading"><a id="security_sasl"
class="anchor-link"></a><a href
<a
href="#security_sasl_oauthbearer_clientconfig">OAUTHBEARER</a>.
For example, <a
href="#security_sasl_gssapi_clientconfig">GSSAPI</a>
credentials may be configured as:
- <pre class="line-numbers"><code class="language-text">
KafkaClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- storeKey=true
- keyTab="/etc/security/keytabs/kafka_client.keytab"
- principal="kafka-clien...@example.com";
- };</code></pre>
+ <pre class="line-numbers"><code
class="language-text">KafkaClient {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ storeKey=true
+ keyTab="/etc/security/keytabs/kafka_client.keytab"
+ principal="kafka-clien...@example.com";
+};</code></pre>
Review comment:
We wrapped in curly brackets, so need indent here, and same as other
places.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
