zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lionel Cons <Lionel.C...@cern.ch>
Subject auth_to_local should support reading rules from a file
Date Tue, 01 Aug 2017 06:33:32 GMT
The current handling of zookeeper.security.auth_to_local in KerberosName.java only supports
rules given directly as property value.

These rules must therefore be given on the command line and:
 - must be escaped properly to avoid shell expansion
 - are visible in the ps output

It would be much better to put these rules in a file and pass the file path as the property
value. We would then use something like:
  -Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules.

I’ve created https://issues.apache.org/jira/browse/ZOOKEEPER-2843 and attached a patch to
add this functionality.

Would it be possible to have this enhancement in 3.4.11?

Thanks in advance.

Lionel Cons

Mime
View raw message