Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7072

Support Kerberos auth_to_local rules

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: Impala 2.12.0
    • Fix Version/s: None
    • Component/s: Security
    • Labels:

      Description

      On deployments that use Heimdal kerberos configured with 'auth_to_local' rules set, and with the Impala startup flag 'use_kudu_kinit'= true, the auth_to_local rules will not be respected as it's not supported with Kudu's kinit.

      The implication of this is that from Impala 2.12.0 onwards, clusters with the above configuration will not be able to use KRPC with kerberos enabled.

      A workaround is to get rid of the auth_to_local rules for such deployments.

      We need to have a good long term solution to fix this.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              sailesh Sailesh Mukil
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated: