[IMPALA-7072] Support Kerberos auth_to_local rules - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: Impala 2.12.0
Fix Version/s: None
Component/s: Security
Labels:
- kerberos

Target Version:

Product Backlog
Epic Color:
ghx-label-1

Description

On deployments that use Heimdal kerberos configured with 'auth_to_local' rules set, and with the Impala startup flag 'use_kudu_kinit'= true, the auth_to_local rules will not be respected as it's not supported with Kudu's kinit.

The implication of this is that from Impala 2.12.0 onwards, clusters with the above configuration will not be able to use KRPC with kerberos enabled.

A workaround is to get rid of the auth_to_local rules for such deployments.

We need to have a good long term solution to fix this.

Attachments

Sub-Tasks

Impala 2.12 Doc: Kudu's kinit does not support auth_to_local rules with Heimdal kerberos

Closed

Alexandra Rodoni

Activity

People

Assignee:: Unassigned

Reporter:: Sailesh Mukil

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 24/May/18 21:48

Updated:: 23/Dec/20 21:46

Resolved:: 23/Dec/20 21:46