You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Lionel Cons (JIRA)" <ji...@apache.org> on 2017/07/13 07:16:00 UTC

[jira] [Created] (ZOOKEEPER-2843) auth_to_local should support reading rules from a file

Lionel Cons created ZOOKEEPER-2843:
--------------------------------------

             Summary: auth_to_local should support reading rules from a file
                 Key: ZOOKEEPER-2843
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2843
             Project: ZooKeeper
          Issue Type: Improvement
            Reporter: Lionel Cons


The current handling of {{zookeeper.security.auth_to_local}} in {{KerberosName.java}} only support rules given directly as the property value.

These rules must therefore be given on the command line and:
* must be escaped properly to avoid shell expansion
* are visible in the {{ps}} output

It would be much better to put these rules in a file and pass the file path as the property value. We would then use something like {{-Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules}}.

Note that using the {{file:}} prefix allows keeping backward compatibility.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)