HDP uses a rule-based system to create mappings between service principals and
their related OS service usernames. The rules are specified in the
core-site.xml configuration file as the value of the optional key
hadoop.security.auth_to_local.

The default rule is simply named DEFAULT. It translates all principals in your
default domain to their first component. For example, myusername@APACHE.ORG and
myusername/admin@APACHE.ORG both become myusername, assuming your default
domain is APACHE.ORG. So if the service principal and the OS service username
are the same, the default rule suffices. If the two names are not identical,
you must create rules to do the mapping.
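
The mapping described above, as an added example (a simplified Python model, not HDP or Hadoop code): it evaluates an ordered rule list the way the text describes, using Hadoop's RULE:[n:format](regex)s/pattern/replacement/ form for the non-default rules. The nn and jhs principals, their hdfs and mapred targets, and the assumption that every principal carries a realm are constructed for illustration.

```python
import re

PRINCIPAL = re.compile(r"([^/@]+)(?:/([^/@]+))?(?:@([^/@]+))?$")
RULE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?$")

# Constructed sample value for hadoop.security.auth_to_local, in evaluation order.
RULES = [
    r"RULE:[2:$1@$0](nn@APACHE\.ORG)s/.*/hdfs/",
    r"RULE:[2:$1@$0](jhs@APACHE\.ORG)s/.*/mapred/",
    "DEFAULT",
]

def short_name(principal, rules, default_realm):
    """Return the OS username for a principal; raise if no rule applies."""
    m = PRINCIPAL.match(principal)
    if not m:
        raise ValueError(f"malformed principal: {principal}")
    first, second, realm = m.groups()
    # parts[0] is $0 (realm), parts[1] is $1, parts[2] is $2 when present.
    parts = [realm or "", first] + ([second] if second else [])
    for rule in rules:
        if rule == "DEFAULT":
            # DEFAULT only translates principals in the default realm.
            if realm == default_realm:
                return first
            continue
        r = RULE.match(rule)
        if not r:
            raise ValueError(f"malformed rule: {rule}")
        n, fmt, regex, pat, repl, glob = r.groups()
        if int(n) != len(parts) - 1:        # component count must match
            continue
        base = re.sub(r"\$(\d)", lambda g: parts[int(g.group(1))], fmt)
        if regex is not None and not re.fullmatch(regex, base):
            continue
        if pat is not None:
            # Simplification: the replacement is taken literally (no group refs).
            base = re.sub(pat, lambda _m: repl, base, count=0 if glob else 1)
        return base
    # A principal from another realm reaches this point: nothing maps it.
    raise LookupError(f"no auth_to_local rule matches {principal}")
```

A principal from a realm other than the default is not translated by DEFAULT, so it fails here unless an explicit rule covers it.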