[ https://issues.apache.org/jira/browse/ZOOKEEPER-2843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16756891#comment-16756891 ]
Mohammad Arshad commented on ZOOKEEPER-2843: -------------------------------------------- security.auth_to_local can also be configured without having new line character in the Rules like security.auth_to_local=RULE:[1:$1]RULE:[2:$1]DEFAULT. In this case above discussed problems would not occur. So the changes proposed in this JIRA are not required. We can close this jira. > auth_to_local should support reading rules from a file > ------------------------------------------------------ > > Key: ZOOKEEPER-2843 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2843 > Project: ZooKeeper > Issue Type: Improvement > Components: kerberos, server > Affects Versions: 3.4.10, 3.5.3 > Reporter: Lionel Cons > Priority: Major > Labels: pull-request-available > Attachments: ZOOKEEPER-2843.patch > > Time Spent: 10m > Remaining Estimate: 0h > > The current handling of {{zookeeper.security.auth_to_local}} in > {{KerberosName.java}} only supports rules given directly as property value. > These rules must therefore be given on the command line and: > * must be escaped properly to avoid shell expansion > * are visible in the {{ps}} output > It would be much better to put these rules in a file and pass the file path > as the property value. We would then use something like > {{-Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules}}. > Note that using the {{file:}} prefix allows keeping backward compatibility. -- This message was sent by Atlassian JIRA (v7.6.3#76005)