Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Pluggable auth_to_local Mapping

Highlighted

Pluggable auth_to_local Mapping

Guru

Is it possible to either create a pluggable script for handling auth_to_local mappings or load those mappings from an external file/data source rather than manually defining them in hadoop.security.auth_to_local through Ambari? I have a situation where the mappings are really complex and change often and it isn't acceptable to restart every time a change takes place.

1 REPLY 1

Re: Pluggable auth_to_local Mapping

Hmmm... I don't think this is possible. You should not have to keep changing auth_to_local mapping so regularly. It means you have a lot of local users on the box. Why don't you setup the cluster with SSSD, or with Centrify for AD, with the LDAP proxy, to not have any local users on the cluster except for the service users? If you have an existing cluster keep the service users like, hdfs, hbase, ambari-qa local and do your auth_to_local mappings for those, but all actual users are materialized using SSSD and do not map to local users. You can then clean up you /etc/psswd file on each node.