Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2843

auth_to_local should support reading rules from a file

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.4.10, 3.5.3
    • Fix Version/s: None
    • Component/s: kerberos, server

      Description

      The current handling of zookeeper.security.auth_to_local in KerberosName.java only supports rules given directly as property value.

      These rules must therefore be given on the command line and:

      • must be escaped properly to avoid shell expansion
      • are visible in the ps output

      It would be much better to put these rules in a file and pass the file path as the property value. We would then use something like -Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules.

      Note that using the file: prefix allows keeping backward compatibility.

        Attachments

        1. ZOOKEEPER-2843.patch
          0.8 kB
          Lionel Cons

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              lionel.cons Lionel Cons
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 40m
                40m