id: security-basic-auth title: Authentication using HTTP basic sidebar_label: “Authentication using HTTP basic” description: Get a comprehensive understanding of concepts and configuration methods of HTTP basic authentication in Pulsar.

import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';

Basic authentication is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.

Prerequisites

Install htpasswd in your environment to create a password file for storing username-password pairs.

  • For Ubuntu/Debian, run the following command to install htpasswd.

    apt install apache2-utils
    
  • For CentOS/RHEL, run the following command to install htpasswd.

    yum install httpd-tools
    

Create your authentication file

:::note

Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.

:::

To create a password file named .htpasswd with a user account superuser/admin, you can use the following methods.

  • Use MD5 encryption (recommended):

    htpasswd -cmb /path/to/.htpasswd superuser admin
    
  • Use CRYPT encryption:

    htpasswd -cdb /path/to/.htpasswd superuser admin
    

You can preview the content of your password file by running the following command:

cat path/to/.htpasswd
superuser:$apr1$GBIYZYFZ$MzLcPrvoUky16mLcK6UtX/

Enable basic authentication on brokers/proxies

To configure brokers/proxies to authenticate clients using basic, add the following parameters to the conf/broker.conf and the conf/proxy.conf file. If you use a standalone Pulsar, you need to add these parameters to the conf/standalone.conf file:

# Configuration to enable Basic authentication
authenticationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderBasic

basicAuthConf=file:///path/to/.htpasswd
# basicAuthConf=/path/to/.htpasswd
# When use the base64 format, you need to encode the .htpaswd content to bas64
# basicAuthConf=data:;base64,YOUR-BASE64
# basicAuthConf=YOUR-BASE64

# Authentication settings of the broker itself. Used when the broker connects to other brokers, or when the proxy connects to brokers, either in same or other clusters
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
brokerClientAuthenticationParameters={"userId":"superuser","password":"admin"}

:::note

You can also set an environment variable named PULSAR_EXTRA_OPTS and the value is -Dpulsar.auth.basic.conf=/path/to/.htpasswd. Pulsar reads this environment variable to implement HTTP basic authentication.

:::

Configure basic authentication in CLI tools

Command-line tools, such as Pulsar-admin, Pulsar-perf and Pulsar-client, use the conf/client.conf file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the conf/client.conf file.

authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationBasic
authParams={"userId":"superuser","password":"admin"}

Configure basic authentication in Pulsar clients

To configure basic authentication when using Pulsar clients, you can follow the example below.

<Tabs groupId="lang-choice"
  defaultValue="Java"
  values={[{"label":"Java","value":"Java"},{"label":"Python","value":"Python"},{"label":"C++","value":"C++"},{"label":"Go","value":"Go"}]}>
<TabItem value="Java">

   ```java
   AuthenticationBasic auth = new AuthenticationBasic();
   auth.configure("{\"userId\":\"superuser\",\"password\":\"admin\"}");
   PulsarClient client = PulsarClient.builder()
      .serviceUrl("pulsar://broker.example.com:6650")
      .authentication(auth)
      .build();
   ```

  </TabItem>
  <TabItem value="C++">

   ```cpp
   #include <pulsar/Client.h>

   int main() {
       pulsar::ClientConfiguration config;
       AuthenticationPtr auth = pulsar::AuthBasic::create("admin", "123456")
       config.setAuth(auth);
       pulsar::Client client("pulsar://broker.example.com:6650/", config);

       return 0;
   }
   ```

  </TabItem>
  <TabItem value="Python">

   ```python
   if __name__ == "__main__":
      client = Client("pulsar://broker.example.com:6650", authentication=AuthenticationBasic("admin", "123456"))
   ```

  </TabItem>
  <TabItem value="Go">

   ```go
	provider, err := pulsar.NewAuthenticationBasic("admin", "123456")
	if err != nil {
		log.Fatal(err)
	}
	client, err := pulsar.NewClient(pulsar.ClientOptions{
		URL: "pulsar://broker.example.com:6650",
		Authentication: provider,
	})
   ```

  </TabItem>
</Tabs>