Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2198

Allow disregarding system-wide auth-to-local mapping

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.6.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:

      Description

      Per a thread on the mailing list, some users have their krb5.conf set up in such a way that auth_to_local mapping doesn't apply correctly to Kudu service accounts. This doesn't cause problems for other Java-based Hadoop ecosystem services, because they don't respect the localauth plugins defined in krb5.conf but rather use their own auth_to_local mappings defined in the Hadoop configuration file.

      Longer term we could support our own custom mappings, but a simple interim solution is just to allow using the 'simple' mapping of taking the first component of the principal as the short username.

        Attachments

          Activity

            People

            • Assignee:
              tlipcon Todd Lipcon
              Reporter:
              tlipcon Todd Lipcon
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: