Description
Per a thread on the mailing list, some users have their krb5.conf set up in such a way that auth_to_local mapping doesn't apply correctly to Kudu service accounts. This doesn't cause problems for other Java-based Hadoop ecosystem services, because they don't respect the localauth plugins defined in krb5.conf but rather use their own auth_to_local mappings defined in the Hadoop configuration file.
Longer term we could support our own custom mappings, but a simple interim solution is just to allow using the 'simple' mapping of taking the first component of the principal as the short username.
Attachments
Issue Links
- is related to
-
KUDU-2954 Support custom auth_to_local mappings
- Open