Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Need directions to create a specific Hadoop Security Auth to Local rule.

Highlighted

Need directions to create a specific Hadoop Security Auth to Local rule.

New Contributor

In our environment we have two types of AD principals coming in

1. svcuxhstqhwd@R1-CORE.R1.NET

2. prvuxshsheth@R1-CORE.R1.NET

What shall be my auth-to-local rule so that the final result will be just hstqhwd and shsheth.

I am not very good with sed and so need this help.

5 REPLIES 5

Re: Need directions to create a specific Hadoop Security Auth to Local rule.

@Shashang Sheth

You can take a look at this article on the auth-to-local rule syntax - Auth-to-local Rules Syntax

Meanwhile, the rule you might be are looking for is

RULE:[1:$1@$0](.*@R1-CORE.R1.NET)s/(svcux|prvux)(\w+)@.*/$2/
# hadoop org.apache.hadoop.security.HadoopKerberosName svcuxhstqhwd@R1-CORE.R1.NET
Name: svcuxhstqhwd@R1-CORE.R1.NET to hstqhwd
# hadoop org.apache.hadoop.security.HadoopKerberosName prvuxshsheth@R1-CORE.R1.NET
Name: prvuxshsheth@R1-CORE.R1.NET to shsheth

Re: Need directions to create a specific Hadoop Security Auth to Local rule.

New Contributor

@Robert Levas

Looks good. I'll verify it in our environment next Friday and update. Thanks for your quick response.

I had gone through the link you provided before posting this question here.

Re: Need directions to create a specific Hadoop Security Auth to Local rule.

New Contributor

@Robert Levas

I realised that our case is a bit more complicated then the just the two kind of ids I provided. We therefore haven't implemented your suggestion. However, this will definitely be useful to me in future. Thanks once again for your suggestion.

Regards,

Shashang Sheth

Re: Need directions to create a specific Hadoop Security Auth to Local rule.

No problem. Let me know if I can help build the more complicated rules or set of rules.

Re: Need directions to create a specific Hadoop Security Auth to Local rule.

New Contributor

@Robert Levas

I realised that our case is a bit more complicated then the just the two kind of ids I provided. We therefore haven't implemented your suggestion. However, this will definitely be useful to me in future. Thanks once again for your suggestion.

Regards,

Shashang Sheth