[
https://issues.apache.org/jira/browse/ZOOKEEPER-2843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16756891#comment-16756891
]
Mohammad Arshad commented on ZOOKEEPER-2843:
--------------------------------------------
security.auth_to_local can also be configured without having new line character
in the Rules like security.auth_to_local=RULE:[1:$1]RULE:[2:$1]DEFAULT. In this
case above discussed problems would not occur. So the changes proposed in this
JIRA are not required. We can close this jira.
> auth_to_local should support reading rules from a file
> ------------------------------------------------------
>
> Key: ZOOKEEPER-2843
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2843
> Project: ZooKeeper
> Issue Type: Improvement
> Components: kerberos, server
> Affects Versions: 3.4.10, 3.5.3
> Reporter: Lionel Cons
> Priority: Major
> Labels: pull-request-available
> Attachments: ZOOKEEPER-2843.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The current handling of {{zookeeper.security.auth_to_local}} in
> {{KerberosName.java}} only supports rules given directly as property value.
> These rules must therefore be given on the command line and:
> * must be escaped properly to avoid shell expansion
> * are visible in the {{ps}} output
> It would be much better to put these rules in a file and pass the file path
> as the property value. We would then use something like
> {{-Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules}}.
> Note that using the {{file:}} prefix allows keeping backward compatibility.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
