Michael Ho has uploaded this change for review. ( http://gerrit.cloudera.org:8080/12405
Change subject: IMPALA-8154: Disable Kerberos auth_to_local setting ...................................................................... IMPALA-8154: Disable Kerberos auth_to_local setting Before KRPC, the local name mapping was done from the principal name entirely. With KRPC, Impala started to use the system auth_to_local rules as the Kudu security code has "--use_system_auth_to_local=true" by default. This can cause regression if local auth is configured in the krb5.conf (e.g. with SSSD with AD) as we started enforcing authorization based on Kerberos principal after this commit (https://github.com/apache/impala/commit/5c541b960491ba91533712144599fb3b6d99521d) This change fixes the problem by explicitly setting FLAGS_use_system_auth_to_local to false during initialization. Testing done: Enabled auth_to_local in a Kerberized cluster to map "impala/<hostname>" to foobar and verified queries still worked as expected. Change-Id: I0b0ad79b56cd5cdd3108c6f973e71a9416efbac8 --- M be/src/rpc/authentication.cc 1 file changed, 5 insertions(+), 0 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/05/12405/1 -- To view, visit http://gerrit.cloudera.org:8080/12405 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I0b0ad79b56cd5cdd3108c6f973e71a9416efbac8 Gerrit-Change-Number: 12405 Gerrit-PatchSet: 1 Gerrit-Owner: Michael Ho <k...@cloudera.com>
