Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2953

Document Kerberos auth_to_local behavior

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 1.11.0
    • None
    • documentation, security
    • None

    Description

      We should document how Kudu maps Kerberos principals to local (short) usernames.

      Unlike other Hadoop ecosystem components, Kudu doesn't support any custom mappings of its own. Instead, it defers to the Kerberos library itself, which may map principals depending on some krb5.conf configuration. If krb5 doesn't map a particular principal, Kudu will convert into a username by taking the first component of the principal.

      krb5-based mapping may be disabled by setting --use_system_auth_to_local to false, in which case Kudu will always use the automatic conversion described above.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. KUDU-2954 Support custom auth_to_local mappings

          • Major - Major loss of function.
          • Open

          Activity

            People

              Unassigned Unassigned
              adar Adar Dembo
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: