[jira] [Created] (IMPALA-6973) auth_to_local not considered for delegated users

Adriano (JIRA) Fri, 04 May 2018 02:31:58 -0700

Adriano created IMPALA-6973:
-------------------------------

             Summary: auth_to_local not considered for delegated users
                 Key: IMPALA-6973
                 URL: https://issues.apache.org/jira/browse/IMPALA-6973
             Project: IMPALA
          Issue Type: Bug
            Reporter: Adriano



When the user-names are stored in Active Directory in UPPERCASE, but all 
usernames in linux/CDH are in lowercase it is usually used the user name 
conversion by the auth_to_local_rule.

I.e.:
To perform this conversion, we use the rule:
auth_to_local=RULE:[1:$1@$0](.*@*.COMPANY.COM)s/@.*///L
with the switch "/L" to convert usernames to lower case.

This works for "normal user" authentication, i.e. the webinterfaces, access to 
impala via ODBC.

However, when it is used the "delegation user", the auth_to_local_rule is not 
used and to get it works the <user allowed to delegate> should be configured in 
UPPERCASE.

We are checking auth_to_local for the User authentication:
https://github.com/cloudera/Impala/blob/cdh5-2.5.0_5.7.5/fe/src/main/java/com/cloudera/impala/authorization/User.java

but not for the delegated user:

https://github.com/cloudera/Impala/blob/87482a4f367f8c1edd12af494e4992ac8f7aa3ba/be/src/service/impala-hs2-server.cc#L308-L336

https://github.com/cloudera/Impala/blob/cdh5-2.5.0_5.7.5/be/src/service/impala-server.cc#L1197-L1230



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

[jira] [Created] (IMPALA-6973) auth_to_local not considered for delegated users

Reply via email to