The current handling of zookeeper.security.auth_to_local in KerberosName.java only supports rules given directly as property value.
These rules must therefore be given on the command line and: - must be escaped properly to avoid shell expansion - are visible in the ps output It would be much better to put these rules in a file and pass the file path as the property value. We would then use something like: -Dzookeeper.security.auth_to_local=file:/etc/zookeeper/rules. I’ve created https://issues.apache.org/jira/browse/ZOOKEEPER-2843 and attached a patch to add this functionality. Would it be possible to have this enhancement in 3.4.11? Thanks in advance. Lionel Cons
