Todd Lipcon created KUDU-2198:

             Summary: Allow disregarding system-wide auth-to-local mapping
                 Key: KUDU-2198
             Project: Kudu
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.6.0
            Reporter: Todd Lipcon
            Assignee: Todd Lipcon

Per a thread on the mailing list, some users have their krb5.conf set up in 
such a way that auth_to_local mapping doesn't apply correctly to Kudu service 
accounts. This doesn't cause problems for other Java-based Hadoop ecosystem 
services, because they don't respect the localauth plugins defined in krb5.conf 
but rather use their own auth_to_local mappings defined in the Hadoop 
configuration file.

Longer term we could support our own custom mappings, but a simple interim 
solution is just to allow using the 'simple' mapping of taking the first 
component of the principal as the short username.

This message was sent by Atlassian JIRA

Reply via email to