Update pulsar kerberos and cli document. (apache#4425)

JamieCressey · Jun 2, 2019 · db94c4f · db94c4f
1 parent 5f2dfc1
commit db94c4f
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 10 deletions.
diff --git a/site2/docs/reference-cli-tools.md b/site2/docs/reference-cli-tools.md
@@ -288,8 +288,8 @@ Commands
 Options
 |Flag|Description|Default|
 |---|---|---|
-|`--auth-params`|Authentication parameters, whose format is determined by the implementation of method `configure` in authentication plugin class, for example "key1:val1,key2:val2" or "{\"key1\":\"val1\",\"key2\":\"val2\"}"||
-|`--auth-plugin`|Authentication plugin class name||
+|`--auth-params`|Authentication parameters, whose format is determined by the implementation of method `configure` in authentication plugin class, for example "key1:val1,key2:val2" or "{\"key1\":\"val1\",\"key2\":\"val2\"}"|{"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}|
+|`--auth-plugin`|Authentication plugin class name|org.apache.pulsar.client.impl.auth.AuthenticationSasl|
 |`--url`|Broker URL to which to connect|pulsar://localhost:6650/|
 
 
@@ -322,10 +322,10 @@ Options
 |Flag|Description|Default|
 |---|---|---|
 |`--hex`|Display binary messages in hexadecimal format.|false|
-|`-n`, `--num-messages`|Number of messages to consume, 0 means to consume forever.|0|
+|`-n`, `--num-messages`|Number of messages to consume, 0 means to consume forever.|1|
 |`-r`, `--rate`|Rate (in messages per second) at which to consume; a value 0 means to consume messages as fast as possible|0.0|
 |`-s`, `--subscription-name`|Subscription name||
-|`-t`, `--subscription-type`|The type of the subscription. Possible values: Exclusive, Shared, Failover.|Exclusive|
+|`-t`, `--subscription-type`|The type of the subscription. Possible values: Exclusive, Shared, Failover, Key_Shared.|Exclusive|
 
 
 

diff --git a/site2/docs/security-kerberos.md b/site2/docs/security-kerberos.md
@@ -141,9 +141,9 @@ The following is an example of creating a Java client:
  System.setProperty("java.security.auth.login.config", "/etc/pulsar/pulsar_jaas.conf");
  System.setProperty("java.security.krb5.conf", "/etc/pulsar/krb5.conf");
 
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put("saslJaasClientSectionName", "PulsarClient");
- clientSaslConfig.put("serverType", "broker");
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put("saslJaasClientSectionName", "PulsarClient");
+ authParams.put("serverType", "broker");
 
  Authentication saslAuth = AuthenticationFactory
          .create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -154,6 +154,12 @@ The following is an example of creating a Java client:
          .build();
  ```
 
+> The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:
+
+```
+java -cp -Djava.security.auth.login.config=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.conf=/etc/pulsar/krb5.conf $APP-jar-with-dependencies.jar $CLASSNAME
+```
+
 Make sure that the keytabs configured in the `pulsar_jaas.conf` file and kdc server in the `krb5.conf` file are reachable by the operating system user who is starting pulsar client.
 
 If you are using command line, you can continue with these step:
@@ -235,9 +241,9 @@ Pulsar client configuration is similar with client and broker configuration, exc
  System.setProperty("java.security.auth.login.config", "/etc/pulsar/pulsar_jaas.conf");
  System.setProperty("java.security.krb5.conf", "/etc/pulsar/krb5.conf");
 
- Map<String, String> clientSaslConfig = Maps.newHashMap();
- clientSaslConfig.put("saslJaasClientSectionName", "PulsarClient");
- clientSaslConfig.put("serverType", "proxy");        // ** here is the different **
+ Map<String, String> authParams = Maps.newHashMap();
+ authParams.put("saslJaasClientSectionName", "PulsarClient");
+ authParams.put("serverType", "proxy");        // ** here is the different **
 
  Authentication saslAuth = AuthenticationFactory
          .create(org.apache.pulsar.client.impl.auth.AuthenticationSasl.class.getName(), authParams);
@@ -248,6 +254,12 @@ Pulsar client configuration is similar with client and broker configuration, exc
          .build();
  ```
 
+> The first two lines in the example above are hard coded, alternatively, you can set additional JVM parameters for JAAS and krb5 configuration file when running the application like below:
+
+```
+java -cp -Djava.security.auth.login.config=/etc/pulsar/pulsar_jaas.conf -Djava.security.krb5.conf=/etc/pulsar/krb5.conf $APP-jar-with-dependencies.jar $CLASSNAME
+```
+
 ### Kerberos configuration for Pulsar Proxy service
 
 In the `proxy.conf` file, set Kerberos related configuration. Here is an example: