Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
ghx-label-7
Description
As of KUDU-1884, Kudu supports custom Kerberos principals on server-side and custom SASL protocol (service) names on client-side which must match the SPN base, i.e. if the SPN is kudu/_HOST, SASL protocol name must be "kudu" in the client to be able to connect to the cluster.
On the client-side, this can be set on the client builder:
https://github.com/apache/kudu/blob/dc5b5bd899755faa506363bd00d3bbbac8d594d3/src/kudu/client/client.h#L308-L320
https://github.com/apache/kudu/blob/dc5b5bd899755faa506363bd00d3bbbac8d594d3/java/kudu-client/src/main/java/org/apache/kudu/client/AsyncKuduClient.java#L2895-L2909
Users should be able to set this in Impala to be able to connect to a Kudu cluster with non-default SPNs.