Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-6973

auth_to_local not considered for delegated users

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Epic Color:
      ghx-label-3

      Description

      When the user-names are stored in Active Directory in UPPERCASE, but all usernames in linux/CDH are in lowercase it is usually used the user name conversion by the auth_to_local_rule.

      I.e.:
      To perform this conversion, we use the rule:
      auth_to_local=RULE:[1:$1@$0](.@.COMPANY.COM)s/@.*///L
      with the switch "/L" to convert usernames to lower case.

      This works for "normal user" authentication, i.e. the webinterfaces, access to impala via ODBC.

      However, when it is used the "delegation user", the auth_to_local_rule is not used and to get it works the <user allowed to delegate> should be configured in UPPERCASE.

      We are checking auth_to_local for the User authentication:
      https://github.com/cloudera/Impala/blob/cdh5-2.5.0_5.7.5/fe/src/main/java/com/cloudera/impala/authorization/User.java

      but not for the delegated user:

      https://github.com/cloudera/Impala/blob/87482a4f367f8c1edd12af494e4992ac8f7aa3ba/be/src/service/impala-hs2-server.cc#L308-L336

      https://github.com/cloudera/Impala/blob/cdh5-2.5.0_5.7.5/be/src/service/impala-server.cc#L1197-L1230

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              adrenas Adriano
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: