[
https://issues.apache.org/jira/browse/IMPALA-6973?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Armstrong reassigned IMPALA-6973:
-------------------------------------
Assignee: (was: Tim Armstrong)
> auth_to_local not considered for delegated users
> ------------------------------------------------
>
> Key: IMPALA-6973
> URL: https://issues.apache.org/jira/browse/IMPALA-6973
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Reporter: Adriano
> Priority: Major
> Labels: seca
>
> When the user-names are stored in Active Directory in UPPERCASE, but all
> usernames in linux/CDH are in lowercase it is usually used the user name
> conversion by the auth_to_local_rule.
> I.e.:
> To perform this conversion, we use the rule:
> auth_to_local=RULE:[1:$1@$0](.*@*.COMPANY.COM)s/@.*///L
> with the switch "/L" to convert usernames to lower case.
> This works for "normal user" authentication, i.e. the webinterfaces, access
> to impala via ODBC.
> However, when it is used the "delegation user", the auth_to_local_rule is not
> used and to get it works the <user allowed to delegate> should be configured
> in UPPERCASE.
> We are checking auth_to_local for the User authentication:
> https://github.com/cloudera/Impala/blob/cdh5-2.5.0_5.7.5/fe/src/main/java/com/cloudera/impala/authorization/User.java
> but not for the delegated user:
> https://github.com/cloudera/Impala/blob/87482a4f367f8c1edd12af494e4992ac8f7aa3ba/be/src/service/impala-hs2-server.cc#L308-L336
> https://github.com/cloudera/Impala/blob/cdh5-2.5.0_5.7.5/be/src/service/impala-server.cc#L1197-L1230
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
