We should document how Kudu maps Kerberos principals to local (short) usernames.
Unlike other Hadoop ecosystem components, Kudu doesn't support any custom mappings of its own. Instead, it defers to the Kerberos library itself, which may map principals depending on some krb5.conf configuration. If krb5 doesn't map a particular principal, Kudu will convert into a username by taking the first component of the principal.
krb5-based mapping may be disabled by setting --use_system_auth_to_local to false, in which case Kudu will always use the automatic conversion described above.