jlprat commented on a change in pull request #10770:
URL: https://github.com/apache/kafka/pull/10770#discussion_r640516748
##########
File path: docs/security.html
##########
@@ -443,134 +443,133 @@ <h3 class="anchor-heading"><a id="security_sasl"
class="anchor-link"></a><a href
user_admin="admin-secret" \
user_alice="alice-secret";</code></pre>
- If JAAS configuration is defined at different levels, the order of
precedence used is:
- <ul>
- <li>Broker configuration property
<code>listener.name.{listenerName}.{saslMechanism}.sasl.jaas.config</code></li>
- <li><code>{listenerName}.KafkaServer</code> section of static
JAAS configuration</code></li>
- <li><code>KafkaServer</code> section of static JAAS
configuration</code></li>
- </ul>
- Note that ZooKeeper JAAS config may only be configured using
static JAAS configuration.
-
- <p>See <a href="#security_sasl_kerberos_brokerconfig">GSSAPI
(Kerberos)</a>,
- <a href="#security_sasl_plain_brokerconfig">PLAIN</a>,
- <a href="#security_sasl_scram_brokerconfig">SCRAM</a> or
- <a href="#security_sasl_oauthbearer_brokerconfig">OAUTHBEARER</a>
for example broker configurations.</p></li>
-
- </li>
- <li><h5><a id="security_jaas_client"
- href="#security_jaas_client">JAAS configuration for Kafka
clients</a></h5>
-
- <p>Clients may configure JAAS using the client configuration
property
- <a href="#security_client_dynamicjaas">sasl.jaas.config</a>
- or using the <a href="#security_client_staticjaas">static JAAS
config file</a>
- similar to brokers.</p>
-
- <ol>
- <li><h6><a id="security_client_dynamicjaas"
- href="#security_client_dynamicjaas">JAAS configuration using
client configuration property</a></h6>
- <p>Clients may specify JAAS configuration as a producer or
consumer property without
- creating a physical configuration file. This mode also enables
different producers
- and consumers within the same JVM to use different credentials
by specifying
- different properties for each client. If both static JAAS
configuration system property
- <code>java.security.auth.login.config</code> and client
property <code>sasl.jaas.config</code>
- are specified, the client property will be used.</p>
-
- <p>See <a href="#security_sasl_kerberos_clientconfig">GSSAPI
(Kerberos)</a>,
- <a href="#security_sasl_plain_clientconfig">PLAIN</a>,
- <a href="#security_sasl_scram_clientconfig">SCRAM</a> or
- <a
href="#security_sasl_oauthbearer_clientconfig">OAUTHBEARER</a> for example
configurations.</p></li>
-
- <li><h6 class="anchor-heading"><a
id="security_client_staticjaas" class="anchor-link"></a><a
href="#security_client_staticjaas">JAAS configuration using static config
file</a></h6>
- To configure SASL authentication on the clients using static
JAAS config file:
- <ol>
- <li>Add a JAAS config file with a client login section named
<tt>KafkaClient</tt>. Configure
- a login module in <tt>KafkaClient</tt> for the selected
mechanism as described in the examples
- for setting up <a
href="#security_sasl_kerberos_clientconfig">GSSAPI (Kerberos)</a>,
- <a href="#security_sasl_plain_clientconfig">PLAIN</a>,
- <a href="#security_sasl_scram_clientconfig">SCRAM</a> or
- <a
href="#security_sasl_oauthbearer_clientconfig">OAUTHBEARER</a>.
- For example, <a
href="#security_sasl_gssapi_clientconfig">GSSAPI</a>
- credentials may be configured as:
- <pre class="line-numbers"><code
class="language-text">KafkaClient {
+ If JAAS configuration is defined at different levels, the
order of precedence used is:
Review comment:
Same as previous, you are right, it needs to be aligned with the
contents of the header `JAAS configuration for Kafka brokers`. However, the
problem here was that the previous content was misaligned.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
