Eric Yang created HADOOP-15996:
----------------------------------
Summary: Plugin interface to support more complex usernames in Hadoop
Key: HADOOP-15996
URL: https://issues.apache.org/jira/browse/HADOOP-15996
Project: Hadoop Common
Issue Type: New Feature
Components: security
Reporter: Eric Yang
Hadoop does not allow support of the @ character in usernames in the recent
security mailing list vote to revert HADOOP-12751. A Hadoop auth_to_local rule
must match to authorize a user to log in to the Hadoop cluster. This design does
not work well in a multi-realm environment where identical usernames in two
realms do not map to the same user. There is also the possibility that a lossy
regex can incorrectly map users. In the interest of supporting multi-realms, it
may be preferred to pass the principal name without rewrite to uniquely
distinguish users. This JIRA is to revisit if Hadoop can support full principal
names without rewrite and provide a plugin to override Hadoop's default
implementation of auth_to_local for the multi-realm use case.
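The multi-realm collision described in the issue, as an added example that is not part of the original message and is not Hadoop's own code: a simplified Python model of a single auth_to_local rule of the form `RULE:[n:format](match)s/pattern/replacement/`, run over constructed principals to report short names that more than one principal maps to. The realm names, principals and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Simplified model of ONE rule: RULE:[n:format](match)s/pattern/replacement/[g]
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\]\((.*?)\)s/(.*?)/(.*?)/(g?)$")

# Constructed sample data: two hypothetical realms sharing the short name "alice".
RULE = r"RULE:[1:$1@$0](.*@.*\.EXAMPLE)s/@.*//"
PRINCIPALS = [
    "alice@CORP.EXAMPLE",
    "alice@PARTNER.EXAMPLE",
    "bob@CORP.EXAMPLE",
    "hdfs/nn1.corp.example@CORP.EXAMPLE",  # two components, rule wants one
]

def parse_rule(text):
    m = RULE_RE.match(text)
    if not m:
        raise ValueError(f"unsupported rule: {text}")
    n, fmt, match, pat, repl, g = m.groups()
    return int(n), fmt, re.compile(match), re.compile(pat), repl, bool(g)

def apply_rule(rule, principal):
    """Return the short name, or None when the rule does not apply."""
    n, fmt, match, pat, repl, replace_all = rule
    name, _, realm = principal.partition("@")
    components = name.split("/")
    if len(components) != n:
        return None
    values = [realm] + components  # $0 is the realm, $1..$n the components
    base = re.sub(r"\$(\d)", lambda m: values[int(m.group(1))], fmt)
    if not match.fullmatch(base):
        return None
    return pat.sub(repl, base, count=0 if replace_all else 1)

def find_collisions(rule_text, principals):
    """Map each short name to the principals that collapse onto it (2 or more)."""
    rule = parse_rule(rule_text)
    by_short = defaultdict(set)
    for p in principals:
        short = apply_rule(rule, p)
        if short is not None:
            by_short[short].add(p)
    return {s: sorted(ps) for s, ps in by_short.items() if len(ps) > 1}

if __name__ == "__main__":
    for short, sources in find_collisions(RULE, PRINCIPALS).items():
        print(f"{short!r} is shared by {sources}")
```

Running the same check over the principals actually seen in audit logs shows whether a realm-stripping rule merges distinct identities before authorization decisions are made on the short name.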