[ https://issues.apache.org/jira/browse/KAFKA-5801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ismael Juma updated KAFKA-5801: ------------------------------- Affects Version/s: (was: 0.10.2.0) (was: 0.9.0.1) (was: 0.8.2.2) 0.10.0.0 > Use hadoop.security.auth_to_local if available > ---------------------------------------------- > > Key: KAFKA-5801 > URL: https://issues.apache.org/jira/browse/KAFKA-5801 > Project: Kafka > Issue Type: Improvement > Affects Versions: 0.10.0.0, 0.11.0.0 > Environment: hadoop 2.6 > Reporter: Ruslan Dautkhanov > Priority: Critical > Labels: authentication, authorization, kerberos, sasl, security > > As discussed in [comments for > KAFKA-5764|https://issues.apache.org/jira/browse/KAFKA-5764?focusedCommentId=16143499&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16143499], > would be great if Kafka would optionally use `hadoop.security.auth_to_local` > whenever available and fallback to `sasl.kerberos.principal.to.local.rules` > if `hadoop.security.auth_to_local` isn't set / isn't available. > We have so many components use `hadoop.security.auth_to_local` - including > hdfs, yarn, hive, spark, impala and it seems that we would need to duplicate > `auth_to_local` rules into Kafka config. We have a lot of rules in > `hadoop.security.auth_to_local` so it would be much easier to maintain if > it's in one place. -- This message was sent by Atlassian JIRA (v6.4.14#64029)