HDP uses a rule-based system to create mappings between service principals and
their related UNIX usernames. The rules are specified in the
core-site.xml
configuration file as the value to the
optional key hadoop.security.auth_to_local
.
The default rule is simply named DEFAULT
. It translates all
principals in your default domain to their first component. For example,
myusername@APACHE.ORG
and
myusername/admin@APACHE.ORG
both become
myusername
, assuming your default domain is
APACHE.ORG.
Use the following instructions to configure the mappings between principals and UNIX usernames: