Appendix C - Configuring the Mapping from Kerberos Principals to Short Names
You can use the hadoop.security.auth_to_local property setting in the core-site.xml file to configure the mapping from Kerberos principals to short names. Kerberos has this support natively, and Hadoop's implementation reuses Kerberos's configuration language to specify the mapping.
A mapping consists of a set of rules that are evaluated in the order listed in the hadoop.security.auth_to_local property. The first rule that matches a principal name is used to map that principal name to a short name. Any later rules in the list that match the same principal name are ignored.
You specify the mapping rules on separate lines in the hadoop.security.auth_to_local property as follows:
<property> <name>hadoop.security.auth_to_local</name> <value> RULE:[<principal translation>](<acceptance filter>)<short name substitution> RULE:[<principal translation>](<acceptance filter>)<short name substitution> DEFAULT </value> </property>
For more information, see Specifying the Mapping Rules.
|<< Previous: YARN Only: The Linux Container Executor Program||Next: Specifying the Mapping Rules >>|