diff --git a/site2/docs/security-basic-auth.md b/site2/docs/security-basic-auth.md index 2585526bb478af..1ab8c25132cc6d 100644 --- a/site2/docs/security-basic-auth.md +++ b/site2/docs/security-basic-auth.md @@ -55,37 +55,49 @@ superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/ ## Enable basic authentication on brokers -To configure brokers to authenticate clients, complete the following steps. +To configure brokers to authenticate clients, add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file: -1. Add the following parameters to the `conf/broker.conf` file. If you use a standalone Pulsar, you need to add these parameters to the `conf/standalone.conf` file. - - ``` - # Configuration to enable Basic authentication - authenticationEnabled=true - authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic +``` +# Configuration to enable Basic authentication +authenticationEnabled=true +authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic + +basicAuthConf=file:///path/to/.htpasswd +# basicAuthConf=/path/to/.htpasswd +# When use the base64 format, you need to encode the .htpaswd content to bas64 +# basicAuthConf=data:;base64,YOUR-BASE64 +# basicAuthConf=YOUR-BASE64 + +# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters +brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic +brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"} + +# If this flag is set then the broker authenticates the original Auth data +# else it just accepts the originalPrincipal and authorizes it (if required). +authenticateOriginalAuthData=true +``` - # Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters - brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic - brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"} +:::note - # If this flag is set then the broker authenticates the original Auth data - # else it just accepts the originalPrincipal and authorizes it (if required). - authenticateOriginalAuthData=true - ``` +You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication. -2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication. +::: ## Enable basic authentication on proxies -To configure proxies to authenticate clients, complete the following steps. - -1. Add the following parameters to the `conf/proxy.conf` file: +To configure proxies to authenticate clients, add the following parameters to the `conf/proxy.conf` file: ``` # For clients connecting to the proxy authenticationEnabled=true authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic + basicAuthConf=file:///path/to/.htpasswd + # basicAuthConf=/path/to/.htpasswd + # When use the base64 format, you need to encode the .htpaswd content to bas64 + # basicAuthConf=data:;base64,YOUR-BASE64 + # basicAuthConf=YOUR-BASE64 + # For the proxy to connect to brokers brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"} @@ -95,7 +107,11 @@ To configure proxies to authenticate clients, complete the following steps. forwardAuthorizationCredentials=true ``` -2. Set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication. + :::note + + You can also set an environment variable named `PULSAR_EXTRA_OPTS` and the value is `-Dpulsar.auth.basic.conf=/path/to/.htpasswd`. Pulsar reads this environment variable to implement HTTP basic authentication. + + ::: ## Configure basic authentication in CLI tools