Lionel Cons created ZOOKEEPER-2843:
--------------------------------------
Summary: auth_to_local should support reading rules from a file
Key: ZOOKEEPER-2843
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2843
Project: ZooKeeper
Issue Type: Improvement
Reporter: Lionel Cons
The current handling of {{zookeeper.security.auth_to_local}} in
{{KerberosName.java}} only support rules given directly as the property value.
These rules must therefore be given on the command line and:
* must be escaped properly to avoid shell expansion
* are visible in the {{ps}} output
It would be much better to put these rules in a file and pass the file path as
the property value. We would then use something like
{{-Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules}}.
Note that using the {{file:}} prefix allows keeping backward compatibility.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
