[jira] [Updated] (KAFKA-5801) Use hadoop.security.auth_to_local if available

Ismael Juma (JIRA) Sat, 28 Oct 2017 08:40:16 -0700

     [ 
https://issues.apache.org/jira/browse/KAFKA-5801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ismael Juma updated KAFKA-5801:
-------------------------------
    Affects Version/s:     (was: 0.10.2.0)
                           (was: 0.9.0.1)
                           (was: 0.8.2.2)
                       0.10.0.0

> Use hadoop.security.auth_to_local if available
> ----------------------------------------------
>
>                 Key: KAFKA-5801
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5801
>             Project: Kafka
>          Issue Type: Improvement
>    Affects Versions: 0.10.0.0, 0.11.0.0
>         Environment: hadoop 2.6
>            Reporter: Ruslan Dautkhanov
>            Priority: Critical
>              Labels: authentication, authorization, kerberos, sasl, security
>
> As discussed in [comments for 
> KAFKA-5764|https://issues.apache.org/jira/browse/KAFKA-5764?focusedCommentId=16143499&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16143499],
>  would be great if Kafka would optionally use `hadoop.security.auth_to_local` 
> whenever available and fallback to `sasl.kerberos.principal.to.local.rules` 
> if `hadoop.security.auth_to_local` isn't set / isn't available.
> We have so many components use `hadoop.security.auth_to_local` - including 
> hdfs, yarn, hive, spark, impala and it seems that we would need to duplicate 
> `auth_to_local` rules into Kafka config. We have a lot of rules in 
> `hadoop.security.auth_to_local` so it would be much easier to maintain if 
> it's in one place.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (KAFKA-5801) Use hadoop.security.auth_to_local if available

Reply via email to