Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2953

Document Kerberos auth_to_local behavior

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.11.0
    • Fix Version/s: None
    • Component/s: documentation, security
    • Labels:
      None

      Description

      We should document how Kudu maps Kerberos principals to local (short) usernames.

      Unlike other Hadoop ecosystem components, Kudu doesn't support any custom mappings of its own. Instead, it defers to the Kerberos library itself, which may map principals depending on some krb5.conf configuration. If krb5 doesn't map a particular principal, Kudu will convert into a username by taking the first component of the principal.

      krb5-based mapping may be disabled by setting --use_system_auth_to_local to false, in which case Kudu will always use the automatic conversion described above.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                adar Adar Dembo
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: