update(Client-Info authen): Add Dashboard configurations

en_US/access-control/authn/cinfo.md

@@ -1,8 +1,25 @@
 # Client-Info Authentication
 
-Client-info authentication (`cinfo` type) is a lightweight authentication mechanism that verifies client properties and attributes against user-defined rules. These rules make use of the Variform expressions to define matching conditions and determine the authentication outcome when a match is found. For example, to quickly block clients without a username, you can use the condition `str_eq(username, '')` with a result of `deny`.
+Client-Info authentication (`cinfo` type) is a lightweight authentication mechanism that verifies client properties and attributes against user-defined rules. These rules make use of the Variform expressions to define matching conditions and determine the authentication outcome when a match is found. For example, to quickly block clients without a username, you can use the condition `str_eq(username, '')` with a result of `deny`.
 
-The authenticator configuration looks like below:
+## Configure Client-Info Authentication via Dashboard
+
+In the EMQX Dashboard, navigate to **Access Control** -> **Authentication** in the left menu to enter the **Authentication** page. Click **Create** at the top right corner, then select **Client Info** as the **Mechanism**,  Client-Info authentication does not require selecting a backend, so you can proceed by clicking **Next** to enter the **Configure Parameters** step.
+
+1. Click **Add** in the **Checks**.
+   - In the **Match Conditions** input box, enter the Variform expression used to match client information. If there are multiple expressions, enter each on a new line. When all expressions return `true`, the authenticator will return the relevant result; otherwise, the current check will be skipped. The following variables are supported in the expressions:
+     - `username`: Username
+     - `clientid`: Client ID
+     - `client_attrs.*`: Client Attributes
+     - `peerhost`: Client IP
+     - `cert_subject`: TLS Certificate Subject
+     - `cert_common_name`: TLS Certificate Common Name
+   - Select `allow`, `ignore`, or `deny` from the **Result** dropdown menu.
+2. Click **Create** to complete the authentication configuration.
+
+## Configure Client-Info Authentication via Configuration Items
+
+Below is a configuration example for the Client-Info authenticator:
 
 ```bash
 authentication = [
@@ -37,7 +54,3 @@ More match expression examples:
 - Match clients whose attribute `client_attrs.group` is not `g0`: `str_neq(client_attrs.group, 'g0')`
 - Match client IDs that start with the zone name:`regex_match(clientid, concat(['^', zone, '.+$']))`
 
-## Configure Client-Info Authentication in Dashboard
-
-<!-- TODO --->
-

en_US/access-control/authn/kerberos.md

@@ -54,17 +54,19 @@ EMQX can only support keytab files at the default location. You can configure th
 
 In the EMQX Dashboard, navigate to **Access Control** -> **Authentication** in the left menu to enter the **Authentication** page. Click **Create** at the top right corner, then select **GSSAPI** as the **Mechanism**, and **Kerberos** as the **Backend**. Click **Next** to go to the **Configuration** step.
 
-Configure the following fields:
+1. Configure the following fields:
 
-- **Principal**: Set Kerberos principal for the server to define the server's identity within the Kerberos authentication system. For example, `mqtt/[email protected]`. 
+   - **Principal**: Set Kerberos principal for the server to define the server's identity within the Kerberos authentication system. For example, `mqtt/[email protected]`. 
 
-  Note: The realm in use must be configured in `/etc/krb5.conf` on EMQX nodes.
+     Note: The realm in use must be configured in `/etc/krb5.conf` on EMQX nodes.
 
-- **Keytab File**: Specify the path to the Kerberos keytab file.
 
-  Note: The keytab file must be located on the EMQX nodes, and the user running the EMQX service must have read permissions for the file.
+   - **Keytab File**: Specify the path to the Kerberos keytab file.
 
-Click **Create** to complete the configuration.
+     Note: The keytab file must be located on the EMQX nodes, and the user running the EMQX service must have read permissions for the file.
+
+
+2. Click **Create** to complete the configuration.
 
 ## Configure via Configuration Items
 

zh_CN/access-control/authn/cinfo.md

@@ -2,7 +2,33 @@
 
 Client-info 认证（`cinfo` 类型）是一种轻量级的认证机制，它通过检查客户端的属性和特性，依据用户定义的规则进行验证。这些规则使用 Variform 表达式来定义匹配条件，并在找到匹配时决定认证结果。例如，要快速阻止没有用户名的客户端，可以使用条件 `str_eq(username, '')`，并将结果设置为 `deny`。
 
-认证器配置如下：
+## 通过 Dashboard 配置 Client-Info 认证
+
+在 EMQX Dashboard 中，导航到左侧菜单中的**访问控制** -> **认证**，进入**认证**页面。点击右上角的**创建**，然后选择 **Client Info** 作为**认证方式**，Client Info 认证无需选择数据源，因此您可以继续点击**下一步**进入**配置参数**步骤。
+
+1. 在**检查列表**中点击**添加**。
+
+   - 在**匹配条件**输入框中输入用于匹配客户端信息的 Variform 表达式。当有多个表达式时需分行输入，每行一个表达式。当所有表达式返回 `true` 时，认证器返回相关结果；否则将跳过当前检查。表达式中支持以下变量：
+
+     - `username`: 用户名
+
+     - `clientid`: 客户端 ID
+
+     - `client_attrs.*`: 客户端属性
+
+     - `peerhost`: 客户端 IP
+
+     - `cert_subject`: TLS 证书主体
+
+     - `cert_common_name`: TLS 证书通用名称。 
+
+   - 从**匹配结果**下拉框中选择 `allow`, `ignore` 或者 `deny`。
+
+2. 点击**创建**完成认证配置。
+
+## 通过配置项配置 Client-Info 认证
+
+认证器配置示例：
 
 ```bash
 authentication = [
@@ -36,8 +62,3 @@ authentication = [
 - 匹配密码为环境变量 `EMQXVAR_SECRET` 与客户端 ID 连接后的 `sha1` 哈希值的客户端：`str_eq(password, hash(sha1, concat([clientid, getenv('SECRET')])))`
 - 匹配客户端属性 `client_attrs.group` 不为 `g0` 的客户端：`str_neq(client_attrs.group, 'g0')`
 - 匹配客户端 ID 以 zone 名称开头的客户端：`regex_match(clientid, concat(['^', zone, '.+$']))`
-
-## 通过 Dashboard 配置 Clinet-info 认证
-
-<!-- TODO --->
-

zh_CN/access-control/authn/kerberos.md

@@ -53,17 +53,19 @@ EMQX 只能支持默认位置的密钥表文件。您可以使用环境变量 `K
 
 在 EMQX Dashboard 中，导航到左侧菜单中的**访问控制** -> **认证**，进入**认证**页面。点击右上角的**创建**，然后选择 **GSSAPI** 作为**认证方式**，选择 **Kerberos** 作为**数据源**，点击**下一步**进入**配置参数**步骤。
 
-配置以下字段：
+1. 配置以下字段：
 
-- **主体**：设置服务器的 Kerberos 主体，用于定义服务器在 Kerberos 身份验证系统中的身份。例如，`mqtt/[email protected]`。
+   - **主体**：设置服务器的 Kerberos 主体，用于定义服务器在 Kerberos 身份验证系统中的身份。例如，`mqtt/[email protected]`。
 
-  注意：使用的领域必须在 EMQX 节点上的 `/etc/krb5.conf` 中配置。
+     注意：使用的领域必须在 EMQX 节点上的 `/etc/krb5.conf` 中配置。
 
-- **密钥表文件**：指定 Kerberos 密钥表文件的路径。
 
-  注意：密钥表文件必须位于 EMQX 节点上，并且运行 EMQX 服务的用户必须对该文件具有读取权限。
+   - **密钥表文件**：指定 Kerberos 密钥表文件的路径。
 
-点击**创建**完成配置。
+     注意：密钥表文件必须位于 EMQX 节点上，并且运行 EMQX 服务的用户必须对该文件具有读取权限。
+
+
+2. 点击**创建**完成配置。
 
 ## 通过配置项进行配置