You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Adar Dembo (Jira)" <ji...@apache.org> on 2019/09/24 17:41:00 UTC
[jira] [Created] (KUDU-2953) Document Kerberos auth_to_local
behavior
Adar Dembo created KUDU-2953:
--------------------------------
Summary: Document Kerberos auth_to_local behavior
Key: KUDU-2953
URL: https://issues.apache.org/jira/browse/KUDU-2953
Project: Kudu
Issue Type: Improvement
Components: documentation, security
Affects Versions: 1.11.0
Reporter: Adar Dembo
We should document how Kudu maps Kerberos principals to local (short) usernames.
Unlike other Hadoop ecosystem components, Kudu doesn't support any custom mappings of its own. Instead, it defers to the Kerberos library itself, which may map principals depending on some [krb5.conf configuration|https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html#realms]. If krb5 doesn't map a particular principal, Kudu will convert into a username by taking the first component of the principal.
krb5-based mapping may be disabled by setting {{--use_system_auth_to_local}} to false, in which case Kudu will always use the automatic conversion described above.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)