jlprat commented on a change in pull request #10770: URL: https://github.com/apache/kafka/pull/10770#discussion_r642923211
########## File path: docs/security.html ########## 
@@ -384,56 +384,56 @@ <h5>SSL key and certificates in PEM format</h5> ssl.key.password=test1234</code></pre> Other configuration settings that may also be needed depending on our requirements and the broker configuration: - <ol> - <li>ssl.provider (Optional). The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.</li> - <li>ssl.cipher.suites (Optional). A cipher suite is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol.</li> - <li>ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1. It should list at least one of the protocols configured on the broker side</li> - <li>ssl.truststore.type=JKS</li> - <li>ssl.keystore.type=JKS</li> - </ol> - <br> + <ol> + <li>ssl.provider (Optional). The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.</li> + <li>ssl.cipher.suites (Optional). A cipher suite is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol.</li> + <li>ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1. 
It should list at least one of the protocols configured on the broker side</li> + <li>ssl.truststore.type=JKS</li> + <li>ssl.keystore.type=JKS</li> + </ol> + <br> Examples using console-producer and console-consumer: - <pre class="line-numbers"><code class="language-bash">kafka-console-producer.sh --bootstrap-server localhost:9093 --topic test --producer.config client-ssl.properties -kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic test --consumer.config client-ssl.properties</code></pre> + <pre class="line-numbers"><code class="language-bash">> kafka-console-producer.sh --bootstrap-server localhost:9093 --topic test --producer.config client-ssl.properties +> kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic test --consumer.config client-ssl.properties</code></pre> </li> </ol> <h3 class="anchor-heading"><a id="security_sasl" class="anchor-link"></a><a href="#security_sasl">7.3 Authentication using SASL</a></h3> <ol> - <li><h4 class="anchor-heading"><a id="security_sasl_jaasconfig" class="anchor-link"></a><a href="#security_sasl_jaasconfig">JAAS configuration</a></h4> - <p>Kafka uses the Java Authentication and Authorization Service - (<a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html">JAAS</a>) - for SASL configuration.</p> - <ol> - <li><h5><a id="security_jaas_broker" - href="#security_jaas_broker">JAAS configuration for Kafka brokers</a></h5> - - <p><tt>KafkaServer</tt> is the section name in the JAAS file used by each - KafkaServer/Broker. This section provides SASL configuration options - for the broker including any SASL client connections made by the broker - for inter-broker communication. If multiple listeners are configured to use - SASL, the section name may be prefixed with the listener name in lower-case - followed by a period, e.g. <tt>sasl_ssl.KafkaServer</tt>.</p> - - <p><tt>Client</tt> section is used to authenticate a SASL connection with - zookeeper. 
It also allows the brokers to set SASL ACL on zookeeper - nodes which locks these nodes down so that only the brokers can - modify it. It is necessary to have the same principal name across all - brokers. If you want to use a section name other than Client, set the - system property <tt>zookeeper.sasl.clientconfig</tt> to the appropriate - name (<i>e.g.</i>, <tt>-Dzookeeper.sasl.clientconfig=ZkClient</tt>).</p> - - <p>ZooKeeper uses "zookeeper" as the service name by default. If you - want to change this, set the system property - <tt>zookeeper.sasl.client.username</tt> to the appropriate name - (<i>e.g.</i>, <tt>-Dzookeeper.sasl.client.username=zk</tt>).</p> - - <p>Brokers may also configure JAAS using the broker configuration property <code>sasl.jaas.config</code>. - The property name must be prefixed with the listener prefix including the SASL mechanism, - i.e. <code>listener.name.{listenerName}.{saslMechanism}.sasl.jaas.config</code>. Only one - login module may be specified in the config value. If multiple mechanisms are configured on a - listener, configs must be provided for each mechanism using the listener and mechanism prefix. - For example, + <li><h4 class="anchor-heading"><a id="security_sasl_jaasconfig" class="anchor-link"></a><a href="#security_sasl_jaasconfig">JAAS configuration</a></h4> + <p>Kafka uses the Java Authentication and Authorization Service + (<a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jaas/JAASRefGuide.html">JAAS</a>) + for SASL configuration.</p> + <ol> + <li><h5><a id="security_jaas_broker" + href="#security_jaas_broker">JAAS configuration for Kafka brokers</a></h5> + + <p><tt>KafkaServer</tt> is the section name in the JAAS file used by each + KafkaServer/Broker. This section provides SASL configuration options + for the broker including any SASL client connections made by the broker + for inter-broker communication. 
If multiple listeners are configured to use + SASL, the section name may be prefixed with the listener name in lower-case + followed by a period, e.g. <tt>sasl_ssl.KafkaServer</tt>.</p> + + <p><tt>Client</tt> section is used to authenticate a SASL connection with + zookeeper. It also allows the brokers to set SASL ACL on zookeeper + nodes which locks these nodes down so that only the brokers can + modify it. It is necessary to have the same principal name across all + brokers. If you want to use a section name other than Client, set the + system property <tt>zookeeper.sasl.clientconfig</tt> to the appropriate + name (<i>e.g.</i>, <tt>-Dzookeeper.sasl.clientconfig=ZkClient</tt>).</p> + + <p>ZooKeeper uses "zookeeper" as the service name by default. If you + want to change this, set the system property + <tt>zookeeper.sasl.client.username</tt> to the appropriate name + (<i>e.g.</i>, <tt>-Dzookeeper.sasl.client.username=zk</tt>).</p> + + <p>Brokers may also configure JAAS using the broker configuration property <code>sasl.jaas.config</code>.
Review comment: It was missing, good spot
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
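Review bot: The re-indented `<li>ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1.` entry in the client options list still presents TLSv1.1 and TLSv1 as a recommended value, and since this hunk already rewrites that line it is the right moment to narrow the example to `ssl.enabled.protocols=TLSv1.2` (adding `TLSv1.3` where the JVM supports it) so that readers who copy the client snippet do not re-enable protocol versions the broker side should have disabled; the sentence "It should list at least one of the protocols configured on the broker side" can stay as the rationale. Separately, the `> ` prompt added in front of the two `kafka-console-producer.sh` / `kafka-console-consumer.sh` commands inside `<pre class="line-numbers">` will be copied together with the command by anyone pasting the block, and in a shell a leading `>` is an output redirection, so the pasted line creates or truncates a file named `kafka-console-producer.sh` in the working directory and then fails on `--bootstrap-server`; either drop the prompt or make sure the page's code rendering strips it from the copied text.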