[ https://issues.apache.org/jira/browse/ACCUMULO-4492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15556325#comment-15556325 ]
Christopher Tubbs commented on ACCUMULO-4492: --------------------------------------------- It sounds like you're suggesting something like what idmapd does, but as a one-time use, instead of as a persistent mapping service. > operations tool to migrate existing users when enabling Kerberos > ---------------------------------------------------------------- > > Key: ACCUMULO-4492 > URL: https://issues.apache.org/jira/browse/ACCUMULO-4492 > Project: Accumulo > Issue Type: New Feature > Reporter: Sean Busbey > Fix For: 2.0.0 > > > When converting an existing cluster to use Kerberos, existing user > permissions aren't much use unless the user names happen to be formatted like > Kerberos principals. > An offline tool that folks migrating can use to map existing user names to > principals would be super useful. > Essentially something like: > {code} > $ accumulo kerberos-migration --include-users=* --exclude-users=root > --no-instance --realm=EXAMPLE.COM > Migrating users matching '*' and not matching 'root'. > User principals will not have an instance component. > User principals will be in the realm 'EXAMPLE.COM' > Found user 'auser', converted to 'au...@example.com' > Found user 'another_user', converted to 'another_u...@example.com' > Found user 'hpnewton', converted to 'hpnew...@example.com' > Found user 'root', skipped due to exclusion rule > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)