[
https://issues.apache.org/jira/browse/ACCUMULO-4492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15556325#comment-15556325
]
Christopher Tubbs commented on ACCUMULO-4492:
---------------------------------------------
It sounds like you're suggesting something like what idmapd does, but as a
one-time use, instead of as a persistent mapping service.
> operations tool to migrate existing users when enabling Kerberos
> ----------------------------------------------------------------
>
> Key: ACCUMULO-4492
> URL: https://issues.apache.org/jira/browse/ACCUMULO-4492
> Project: Accumulo
> Issue Type: New Feature
> Reporter: Sean Busbey
> Fix For: 2.0.0
>
>
> When converting an existing cluster to use Kerberos, existing user
> permissions aren't much use unless the user names happen to be formatted like
> Kerberos principals.
> An offline tool that folks migrating can use to map existing user names to
> principals would be super useful.
> Essentially something like:
> {code}
> $ accumulo kerberos-migration --include-users=* --exclude-users=root
> --no-instance --realm=EXAMPLE.COM
> Migrating users matching '*' and not matching 'root'.
> User principals will not have an instance component.
> User principals will be in the realm 'EXAMPLE.COM'
> Found user 'auser', converted to 'au...@example.com'
> Found user 'another_user', converted to 'another_u...@example.com'
> Found user 'hpnewton', converted to 'hpnew...@example.com'
> Found user 'root', skipped due to exclusion rule
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
