zookeeper-dev mailing list archives

From: Lionel Cons <lionel.c...@cern.ch>
Subject: auth_to_local should support reading rules from a file
Date: Mon, 31 Jul 2017 12:29:52 GMT

The current handling of zookeeper.security.auth_to_local in KerberosName.java
only supports rules given directly as the property value.

These rules must therefore be given on the command line and:
 - must be escaped properly to avoid shell expansion
 - are visible in the ps output

It would be much better to put these rules in a file and pass the file path as
the property value. We would then use something like:

 | -Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules

Note that using the file: prefix allows keeping backward compatibility.

I've created https://issues.apache.org/jira/browse/ZOOKEEPER-2843 and attached
a patch to add this functionality.

Would it be possible to get this in 3.4.11?

Cheers,

Lionel
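
An added example, not part of the original message and not the patch attached to ZOOKEEPER-2843: one way a `file:` prefix could be resolved while inline values keep working. The class `AuthToLocalRules`, the method `resolve`, the sample rules and the permission check are assumptions made for illustration, and the check needs a POSIX file system.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

/** Hypothetical helper, not ZooKeeper code and not the ZOOKEEPER-2843 patch. */
public final class AuthToLocalRules {
    static final String PROPERTY = "zookeeper.security.auth_to_local";
    static final String FILE_PREFIX = "file:";

    /** Returns the rule text: the file's content for "file:<path>", else the value itself. */
    static String resolve(String value) throws IOException {
        if (value == null || !value.startsWith(FILE_PREFIX)) {
            return value; // backward compatible: inline rules are used unchanged
        }
        Path path = Paths.get(value.substring(FILE_PREFIX.length()));
        // The rules decide which local name a Kerberos principal maps to, so
        // refuse a file that other users could rewrite (assumed policy, POSIX only).
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(path);
        if (perms.contains(PosixFilePermission.GROUP_WRITE)
                || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
            throw new IOException("rules file writable by group/others: " + path);
        }
        return new String(Files.readAllBytes(path), StandardCharsets.UTF_8).trim();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample rules, written to a temp file so the demo runs offline.
        Path tmp = Files.createTempFile("rules", ".txt");
        Files.write(tmp, "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT\n"
                .getBytes(StandardCharsets.UTF_8));
        // Inline form: whatever -Dzookeeper.security.auth_to_local=... carried.
        String configured = System.getProperty(PROPERTY, "DEFAULT");
        System.out.println(resolve(configured));
        // File form: only the path would appear on the command line.
        System.out.println(resolve(FILE_PREFIX + tmp));
        Files.delete(tmp);
    }
}
```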
