You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2017/10/24 19:46:00 UTC

[jira] [Updated] (KUDU-2198) Allow disregarding system-wide auth-to-local mapping

     [ https://issues.apache.org/jira/browse/KUDU-2198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Todd Lipcon updated KUDU-2198:
------------------------------
    Status: In Review  (was: Open)

> Allow disregarding system-wide auth-to-local mapping
> ----------------------------------------------------
>
>                 Key: KUDU-2198
>                 URL: https://issues.apache.org/jira/browse/KUDU-2198
>             Project: Kudu
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.6.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>
> Per a thread on the mailing list, some users have their krb5.conf set up in such a way that auth_to_local mapping doesn't apply correctly to Kudu service accounts. This doesn't cause problems for other Java-based Hadoop ecosystem services, because they don't respect the localauth plugins defined in krb5.conf but rather use their own auth_to_local mappings defined in the Hadoop configuration file.
> Longer term we could support our own custom mappings, but a simple interim solution is just to allow using the 'simple' mapping of taking the first component of the principal as the short username.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)