trivial change to 0.9.0 docs to fix incorrect ssl.key.password
junrao committed Nov 20, 2015
1 parent b609645 commit a7726ee
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions docs/security.html
Expand Up @@ -115,7 +115,7 @@ <h3><a id="security_ssl" href="#security_ssl">7.2 Encryption and Authentication
<pre>
ssl.keystore.location = /var/private/ssl/kafka.server.keystore.jks
ssl.keystore.password = test1234
ssl.key.password = test1234
ssl.keystore.password = test1234
ssl.truststore.location = /var/private/ssl/kafka.server.truststore.jks
ssl.truststore.password = test1234</pre>

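Review bot: the broker `<pre>` block shows `ssl.keystore.password` on the lines both before and after `ssl.key.password`; please confirm the resulting example carries each setting exactly once. The two are easy to confuse because both use `test1234` here, so a sentence stating that `ssl.keystore.password` protects the keystore file and `ssl.key.password` protects the private key inside it would help readers who use different values.
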
Expand Down Expand Up @@ -163,7 +163,7 @@ <h3><a id="security_ssl" href="#security_ssl">7.2 Encryption and Authentication
<pre>
ssl.keystore.location = "/var/private/ssl/kafka.client.keystore.jks"
ssl.keystore.password = "test1234"
ssl.key.password = "test1234"</pre>
ssl.keystore.password = "test1234"</pre>
Other configuration settings that may also be needed depending on our requirements and the broker configuration:
<ol>
<li>ssl.provider (Optional). The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.</li>
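
Review bot: the client block wraps every value in double quotes (`ssl.keystore.password = "test1234"`) while the broker block in the previous hunk does not. If these lines are meant to be copied into a properties file, the quotes are read as part of the value, so the path and passwords would not match the real ones; drop the quotes or state where the quoted syntax applies.
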
Expand Down Expand Up @@ -276,9 +276,9 @@ <h3><a id="security_sasl" href="#security_sasl">7.3 Authentication using SASL</a
</ol>

<h3><a id="security_authz" href="#security_authz">7.4 Authorization and ACLs</a></h3>
Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want change that behavior, you can include the following in broker.properties.
Kafka ships with a pluggable Authorizer and an out-of-box authorizer implementation that uses zookeeper to store all the acls. Kafka acls are defined in the general format of "Principal P is [Allowed/Denied] Operation O From Host H On Resource R". You can read more about the acl structure on KIP-11. In order to add, remove or list acls you can use the Kafka authorizer CLI. By default, if a Resource R has no associated acls, no one other than super users is allowed to access R. If you want to change that behavior, you can include the following in broker.properties.
<pre>allow.everyone.if.no.acl.found=true</pre>
One can also add super users in broker.properties like the following.
One can also add super users in broker.properties like the following (note that the delimiter is semicolon since SSL user names may contain comma).
<pre>super.users=User:Bob;User:Alice</pre>
By default, the SSL user name will be of the form "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown". One can change that by setting a customized PrincipalBuilder in broker.properties like the following.
<pre>principal.builder.class=CustomizedPrincipalBuilderClass</pre>
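
Review bot: the new note on `super.users` says the delimiter is a semicolon because SSL user names may contain commas, but the example `User:Bob;User:Alice` contains no comma. Consider writing one entry in the full form quoted in the following paragraph, e.g. `User:CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown;User:Alice`, so the reason is visible in the example itself. The commit subject mentions only `ssl.key.password`; the wording changes in section 7.4 should be mentioned there as well.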