I believe that this is incorrect and maybe the issue is not really as indicated in the description. This is what would happen assuming my user kinit-ed as [email protected] and the auth-to-local rules translated that principal to "rlevas" - which is the default behavior when Ambari manages the auth-to-local rules and the configured realm is EXAMPLE.COM:
``` [rlevas@c7401 ~]$ hdfs dfs -ls /user Found 4 items drwxrwx--- - ambari-qa hdfs 0 2018-08-03 21:27 /user/ambari-qa drwxrwxr-x - oozie hdfs 0 2018-08-03 23:16 /user/oozie drwx------ - rlevas hdfs 0 2018-09-06 13:39 /user/rlevas drwx------ - [email protected] hdfs 0 2018-09-06 13:43 /user/rlevas_princ [rlevas@c7401 ~]$ hdfs dfs -ls /user/rlevas_princ ls: Permission denied: user=rlevas, access=READ_EXECUTE, inode="/user/rlevas_princ":[email protected]:hdfs:drwx------ ``` [ Full content available at: https://github.com/apache/ambari/pull/2256 ] This message was relayed via gitbox.apache.org for [email protected]
