Jeffrey Smith created KUDU-3676:
-----------------------------------
Summary: Add support for Hadoop auth_to_local mappings
Key: KUDU-3676
URL: https://issues.apache.org/jira/browse/KUDU-3676
Project: Kudu
Issue Type: Improvement
Components: security
Reporter: Jeffrey Smith
While using Kudu and Ranger, we ran into an issue with principal mapping.
Some of our principals end up in this format: [email protected] (as an
example).
For most services we use, this doesn't cause any issues since we use Hadoop
auth_to_local rules to map them to the expected output, which would be
[email protected]. We only use Hadoop's auth_to_local rules for principal mapping.
Because there are no mapping in krb5.conf, Kudu passes along the first part of
the principal to Ranger and ranger correctly determines that spark-rangerkudu
does not match the spark user, for whom we have defined access rules.
This affects any principal where the first field does not match what we want
the transformed output to be.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
