[ZOOKEEPER-2843] auth_to_local should support reading rules from a file - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.4.10, 3.5.3
Fix Version/s: None
Component/s: kerberos, server
Labels:
- pull-request-available

Description

The current handling of zookeeper.security.auth_to_local in KerberosName.java only supports rules given directly as property value.

These rules must therefore be given on the command line and:

must be escaped properly to avoid shell expansion
are visible in the ps output

It would be much better to put these rules in a file and pass the file path as the property value. We would then use something like -Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules.

Note that using the file: prefix allows keeping backward compatibility.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ZOOKEEPER-2843.patch
31/Jul/17 12:23
0.8 kB
Lionel Cons

Issue Links

links to

GitHub Pull Request #324

Activity

People

Assignee:: Unassigned

Reporter:: Lionel Cons

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 13/Jul/17 07:15

Updated:: 31/Jan/19 09:44

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m