auth_to_local should support reading rules from a file

Lionel Cons
The current handling of zookeeper.security.auth_to_local in KerberosName.java only supports rules given directly as the property value.

These rules must therefore be given on the command line and:
 - must be escaped properly to avoid shell expansion
 - are visible in the ps output

It would be much better to put these rules in a file and pass the file path as the property value. We would then use something like:
  -Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules.

I’ve created https://issues.apache.org/jira/browse/ZOOKEEPER-2843 and attached a patch to add this functionality.

Would it be possible to have this enhancement in 3.4.11?

Thanks in advance.

Lionel Cons
