Bharath Vissapragada has posted comments on this change. Change subject: IMPALA-2660: Respect auth_to_local configs from hdfs configs ......................................................................
Patch Set 4: >Isn't that an expectation for the behaviour of auth_to_local - that it will >transform supplied principals in order to enable authentication? Does Hadoop >work like that? Per my understanding of Kerberos, this is only called post authentication and auth_to_local rules map the *authenticated* principal (aname) to a local user (lname). The corresponding api call is krb5_aname_to_localname(). More details at http://web.mit.edu/kerberos/krb5-1.12/doc/appdev/refs/api/krb5_aname_to_localname.html#c.krb5_aname_to_localname http://web.mit.edu/kerberos/krb5-1.12/doc/plugindev/localauth.html And yes I think Hadoop works like that too. -- To view, visit http://gerrit.cloudera.org:8080/2800 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I76485b83c14ba26f6fce66e5f83e8014667829e0 Gerrit-PatchSet: 4 Gerrit-Project: Impala Gerrit-Branch: cdh5-trunk Gerrit-Owner: Bharath Vissapragada <[email protected]> Gerrit-Reviewer: Alex Behm <[email protected]> Gerrit-Reviewer: Bharath Vissapragada <[email protected]> Gerrit-Reviewer: Henry Robinson <[email protected]> Gerrit-Reviewer: Juan Yu <[email protected]> Gerrit-Reviewer: Sailesh Mukil <[email protected]> Gerrit-HasComments: No
