Todd Lipcon created KUDU-2198:
---------------------------------

             Summary: Allow disregarding system-wide auth-to-local mapping
                 Key: KUDU-2198
                 URL: https://issues.apache.org/jira/browse/KUDU-2198
             Project: Kudu
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.6.0
            Reporter: Todd Lipcon
            Assignee: Todd Lipcon


Per a thread on the mailing list, some users have their krb5.conf set up in 
such a way that auth_to_local mapping doesn't apply correctly to Kudu service 
accounts. This doesn't cause problems for other Java-based Hadoop ecosystem 
services, because they don't respect the localauth plugins defined in krb5.conf 
but rather use their own auth_to_local mappings defined in the Hadoop 
configuration file.

Longer term we could support our own custom mappings, but a simple interim 
solution is just to allow using the 'simple' mapping of taking the first 
component of the principal as the short username.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to