Adriano created IMPALA-6973:
-------------------------------
Summary: auth_to_local not considered for delegated users
Key: IMPALA-6973
URL: https://issues.apache.org/jira/browse/IMPALA-6973
Project: IMPALA
Issue Type: Bug
Reporter: Adriano
When the user-names are stored in Active Directory in UPPERCASE, but all
usernames in linux/CDH are in lowercase it is usually used the user name
conversion by the auth_to_local_rule.
I.e.:
To perform this conversion, we use the rule:
auth_to_local=RULE:[1:$1@$0](.*@*.COMPANY.COM)s/@.*///L
with the switch "/L" to convert usernames to lower case.
This works for "normal user" authentication, i.e. the webinterfaces, access to
impala via ODBC.
However, when it is used the "delegation user", the auth_to_local_rule is not
used and to get it works the <user allowed to delegate> should be configured in
UPPERCASE.
We are checking auth_to_local for the User authentication:
https://github.com/cloudera/Impala/blob/cdh5-2.5.0_5.7.5/fe/src/main/java/com/cloudera/impala/authorization/User.java
but not for the delegated user:
https://github.com/cloudera/Impala/blob/87482a4f367f8c1edd12af494e4992ac8f7aa3ba/be/src/service/impala-hs2-server.cc#L308-L336
https://github.com/cloudera/Impala/blob/cdh5-2.5.0_5.7.5/be/src/service/impala-server.cc#L1197-L1230
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
