Todd Lipcon created KUDU-2198:
---------------------------------
Summary: Allow disregarding system-wide auth-to-local mapping
Key: KUDU-2198
URL: https://issues.apache.org/jira/browse/KUDU-2198
Project: Kudu
Issue Type: Improvement
Components: security
Affects Versions: 1.6.0
Reporter: Todd Lipcon
Assignee: Todd Lipcon
Per a thread on the mailing list, some users have their krb5.conf set up in
such a way that auth_to_local mapping doesn't apply correctly to Kudu service
accounts. This doesn't cause problems for other Java-based Hadoop ecosystem
services, because they don't respect the localauth plugins defined in krb5.conf
but rather use their own auth_to_local mappings defined in the Hadoop
configuration file.
Longer term we could support our own custom mappings, but a simple interim
solution is just to allow using the 'simple' mapping of taking the first
component of the principal as the short username.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
