Skip to content

Commit

Permalink
[improve][doc] Add more configuration methods for basic authentication
Browse files Browse the repository at this point in the history
Signed-off-by: Zixuan Liu <[email protected]>
  • Loading branch information
nodece committed Aug 5, 2022
1 parent d32e1df commit 4c7188d
Showing 1 changed file with 46 additions and 30 deletions.
76 changes: 46 additions & 30 deletions site2/docs/security-basic-auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,47 +55,63 @@ superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/

## Enable basic authentication on brokers

To configure brokers to authenticate clients, complete the following steps.
To configure brokers to authenticate clients, add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file:

1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file.

```
# Configuration to enable Basic authentication
authenticationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
```
# Configuration to enable Basic authentication
authenticationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
basicAuthConf=file:///path/to/.htpasswd
# basicAuthConf=/path/to/.htpasswd
# When use the base64 format, you need to encode the .htpaswd content to bas64
# basicAuthConf=data:;base64,YOUR-BASE64
# basicAuthConf=YOUR-BASE64
# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
# If this flag is set then the broker authenticates the original Auth data
# else it just accepts the originalPrincipal and authorizes it (if required).
authenticateOriginalAuthData=true
```

# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
:::note

# If this flag is set then the broker authenticates the original Auth data
# else it just accepts the originalPrincipal and authorizes it (if required).
authenticateOriginalAuthData=true
```
You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.

2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
:::

## Enable basic authentication on proxies

To configure proxies to authenticate clients, complete the following steps.
To configure proxies to authenticate clients, add the following parameters to the `conf/proxy.conf` file:

1. Add the following parameters to the `conf/proxy.conf` file:

```
# For clients connecting to the proxy
authenticationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
```
# For clients connecting to the proxy
authenticationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic
basicAuthConf=file:///path/to/.htpasswd
# basicAuthConf=/path/to/.htpasswd
# When use the base64 format, you need to encode the .htpaswd content to bas64
# basicAuthConf=data:;base64,YOUR-BASE64
# basicAuthConf=YOUR-BASE64
# For the proxy to connect to brokers
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
# Whether client authorization credentials are forwarded to the broker for re-authorization.
# Authentication must be enabled via authenticationEnabled=true for this to take effect.
forwardAuthorizationCredentials=true
```

# For the proxy to connect to brokers
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}
:::note

# Whether client authorization credentials are forwarded to the broker for re-authorization.
# Authentication must be enabled via authenticationEnabled=true for this to take effect.
forwardAuthorizationCredentials=true
```
You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.

2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication.
:::

## Configure basic authentication in CLI tools

Expand Down

0 comments on commit 4c7188d

Please sign in to comment.