Posted to dev@zookeeper.apache.org by Lionel Cons <li...@cern.ch> on 2017/07/31 12:29:52 UTC

auth_to_local should support reading rules from a file

The current handling of zookeeper.security.auth_to_local in KerberosName.java
only supports rules given directly as the property value.

These rules must therefore be given on the command line and:
 - must be escaped properly to avoid shell expansion
 - are visible in the ps output

It would be much better to put these rules in a file and pass the file path as
the property value. We would then use something like:

 | -Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules

Note that using the file: prefix allows keeping backward compatibility.

I've created https://issues.apache.org/jira/browse/ZOOKEEPER-2843 and attached
a patch to add this functionality.

Would it be possible to get this in 3.4.11?

Cheers,

Lionel