The current handling of zookeeper.security.auth_to_local in KerberosName.java only supports
rules given directly as the property value.
These rules must therefore be given on the command line and:
- must be escaped properly to avoid shell expansion
- are visible in the ps output
It would be much better to put these rules in a file and pass the file path as the property
value. We would then use something like:
-Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules.
I’ve created https://issues.apache.org/jira/browse/ZOOKEEPER-2843 and attached a patch to
add this functionality.
Would it be possible to have this enhancement in 3.4.11?
Thanks in advance.
Lionel Cons
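
Added example, not part of the original message or the attached patch: a shell sketch of the two problems named above (shell expansion and visibility in the process listing), using a constructed sample rule and a stand-in process instead of a real ZooKeeper JVM. The `file:` form is the syntax proposed in the message; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample rule in Hadoop-style auth_to_local syntax (not from the message).
RULE='RULE:[2:$1@$0](.*@EXAMPLE.COM)s/@.*//'
PROP='-Dzookeeper.security.auth_to_local'

# Escaping problem: inside double quotes the shell expands $1 and $0 before the
# JVM ever sees the rule. The inner sh stands in for a launcher script, so
# "launcher" is its $0 and $1 is unset.
mangled_rule() {
    sh -c 'printf "%s\n" "RULE:[2:$1@$0](.*@EXAMPLE.COM)s/@.*//"' launcher
}

# Visibility problem: start a short-lived stand-in for the JVM carrying the
# given argument and return its command line as any local user could read it.
visible_cmdline() {
    sh -c 'sleep 5; :' jvm "$1" >/dev/null 2>&1 &
    pid=$!
    sleep 1                                  # let the child exec before reading
    if [ -r "/proc/$pid/cmdline" ]; then
        tr '\0' ' ' < "/proc/$pid/cmdline"   # Linux
    else
        ps -o args= -p "$pid"                # other Unix systems
    fi
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
}

# Succeeds when the rule text itself appears in the process listing.
leaks_rule() {
    case "$(visible_cmdline "$1")" in
        *'(.*@EXAMPLE.COM)'*) return 0 ;;
        *) return 1 ;;
    esac
}

echo "double-quoted rule arrives as: $(mangled_rule)"
leaks_rule "$PROP=$RULE" && echo "inline rule: visible in process listing"
# file: form as proposed in the message; only the path is exposed.
leaks_rule "$PROP=file:/etc/zookeeper/rules" || echo "file: form: rule text not in process listing"
```

With the rules in a file, what the rules contain is protected by the file's permissions rather than exposed to every local user who can list processes.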