
I find the auth_to_local documentation confusing, what does [1:$1:$0] actually mean?

NOTE: My question is in regard to this HW doc: http://hortonworks.com/blog/fine-tune-your-apache-hadoop-security-settings/

I'm very familiar with regexes so I understand the `s/@.*//` portions regarding rules like this:

RULE:[1:$1@$0](.*@YOUR.REALM)s/@.*//

And I've re-read this paragraph multiple times.

The translations rules have 3 sections: base, filter, and substitution.

The base is the number of components in the principal name excluding the realm and the pattern for building the name from the sections of the principal name. The base uses $0 to mean the realm, $1 to mean the first component and $2 to mean the second component.

But it's unclear to me what the "[1:" means in the rule above. Additionally, what does the "[2:" mean in this rule?

[2:$1%$2] translates “username/admin@APACHE.ORG” to “username%admin”

I'm guessing it's a rule # that tells what order to apply the rules, but that's a total guess.

Re: I find the auth_to_local documentation confusing, what does [1:$1:$0] actually mean?

Found my own answer after Googling a bit more in Community Connections here: https://community.hortonworks.com/articles/14463/auth-to-local-rules-syntax.html.

[n:string]

Indicates a matching rule where n declares the number of expected components in the principal. Components are separated by a /, where a user account has one component (ambari-qa) and a service account has two components (nn/fqdn). The string value declares how to reformat the value to be used in the rest of the expression. The placeholders are as follows:

$0 - realm
$1 - 1st component
$2 - 2nd component
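
The following is an added example, not part of the original post and not Hadoop's own code: a simplified Python model of how a rule's base, filter and substitution are evaluated, run against the two rules quoted in this thread. The function names `apply_rule` and `map_principal` are hypothetical, and the principal `alice@...` is constructed sample input.

```python
import re

# RULE:[n:format](filter)s/pattern/replacement/  (filter and substitution are optional)
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?$")

def apply_rule(rule, principal):
    """Return the short name this rule produces, or None if the rule does not apply."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule syntax: " + rule)
    n, fmt, filt, pat, repl, glob = m.groups()
    name, _, realm = principal.partition("@")
    components = name.split("/")
    # [n: ...] is the expected component count, not an ordering number.
    if len(components) != int(n):
        return None
    values = [realm] + components      # $0 = realm, $1 = 1st component, $2 = 2nd
    def placeholder(mo):
        idx = int(mo.group(1))
        if idx >= len(values):
            raise ValueError("format uses $%d but only %d components exist" % (idx, int(n)))
        return values[idx]
    base = re.sub(r"\$(\d)", placeholder, fmt)
    # The filter must match the whole base string, otherwise the rule is skipped.
    if filt is not None and re.fullmatch(filt, base) is None:
        return None
    if pat is not None:
        # Simplification: the replacement is inserted literally (no back-references).
        base = re.sub(pat, lambda _: repl, base, count=0 if glob else 1)
    return base

def map_principal(rules, principal):
    """Rules are tried in listed order; the first one that applies wins."""
    for rule in rules:
        short = apply_rule(rule, principal)
        if short is not None:
            return short
    return None

RULES = [
    "RULE:[1:$1@$0](.*@YOUR.REALM)s/@.*//",  # rule from the question
    "RULE:[2:$1%$2]",                         # base-only rule from the quoted documentation
]

if __name__ == "__main__":
    for p in ["alice@YOUR.REALM", "username/admin@APACHE.ORG", "alice@OTHER.REALM"]:
        print(p, "->", map_principal(RULES, p))
```

The first rule skips `alice@OTHER.REALM` because its filter pins the realm, while the second rule has no filter and therefore maps a two-component principal from any realm.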