https://community.cloudera.com/t5/Support-Questions/Running-into-auth-to-local-rule-issue-during-Livy-kerberos/m-p/296835#M218447 <P>Thanks Bender.&nbsp; I appreciate the response.&nbsp; Just want to clarify a few things..</P><P>&nbsp;</P><P>* Livy itself is running as&nbsp;<SPAN>livyblauser@COMPANY.PRI</SPAN></P><P>* mzeoli@COMPANY.PRI&nbsp;is the user hitting the livy Web UI.</P><P>* Both livyblauser and mzeoli are AD accounts and have rights on the edge node livy is running on (nydc-pblalivy01, which is same box the HTTP service principal is for)</P><P>* Both have permission to read krb5.conf&nbsp; &nbsp;(its world readable, though I'm not sure why / how something would be hitting krb5.conf as mzeoli, since mzeoli is just the web UI user and should not own any process.&nbsp; Or perhaps I misunderstood you)</P><P>&nbsp;</P><P>Given that this works...</P><P>&nbsp;</P><PRE>[livyblauser@nydc-pblalivy01 hadoop]$ hadoop org.apache.hadoop.security.HadoopKerberosName mzeoli@COMPANY.PRI Name: mzeoli@COMPANY.PRI to mzeoli</PRE><P>&nbsp;</P><P>....It really feels like Livy isn't finding the rules it would expect to find, though I see the correct rules in /etc/hadoop/conf/core-site.xml.</P><P>&nbsp;</P><PRE>&lt;name&gt;hadoop.security.auth_to_local&lt;/name&gt; &lt;value&gt; RULE:[1:$1@$0](.*@\QBD.COMPANY.PRI\E$)s/@\QBD.COMPANY.PRI\E$// RULE:[2:$1@$0](.*@\QBD.COMPANY.PRI\E$)s/@\QBD.COMPANY.PRI\E$// RULE:[1:$1@$0](.*@\QCOMPANY.PRI\E$)s/@\QCOMPANY.PRI\E$// RULE:[2:$1@$0](.*@\QCOMPANY.PRI\E$)s/@\QCOMPANY.PRI\E$// DEFAULT &lt;/value&gt;</PRE><P>&nbsp;</P><P>Thanks,</P><P>Mike</P> Thu, 28 May 2020 20:41:12 GMT MikeZ 2020-05-28T20:41:12Z