Security limitations

Here are some limitations related to data encryption and authorization in Kudu.

  • Data encryption at rest is not directly built into Kudu. Encryption of Kudu data at rest can be achieved through the use of local block device encryption software such as dm-crypt.

  • Row-level authorization is not available.

  • Kudu does not support configuring a custom service principal for Kudu processes. The principal must follow the pattern kudu/<HOST>@<DEFAULT.REALM>.

  • Server certificates generated by Kudu IPKI are incompatible with Bouncy Castle version 1.52 and earlier.

  • The highest supported version of the TLS protocol is TLSv1.2.

  • When you create a new Kudu service using the Ranger web UI, the Test Connection button is displayed. However, the TestConnection tab is not implemented in the Kudu Ranger plugin. As a result, if you try to use it with Kudu, it fails, but that does not mean that the service is not working.
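
Because the service principal must follow the pattern kudu/<HOST>@<DEFAULT.REALM>, it helps to check the principals you intend to use against that pattern before deployment. The following is an added example, not code from Kudu or its documentation; the function names, the sample principals, the host node1.example.com and the realm EXAMPLE.COM are constructed for illustration.

```python
import re

# Generic Kerberos layout: primary[/instance][@REALM]
PRINCIPAL_RE = re.compile(
    r"^(?P<primary>[^/@]+)(?:/(?P<instance>[^/@]+))?(?:@(?P<realm>[^/@]+))?$")

def check_principal(principal, host, default_realm):
    """Return a list of problems; an empty list means the principal
    fits kudu/<HOST>@<DEFAULT.REALM> for the given host and realm."""
    m = PRINCIPAL_RE.match(principal.strip())
    if not m:
        return ["not a parseable primary/instance@REALM principal"]
    problems = []
    if m["primary"] != "kudu":
        problems.append(f"primary is {m['primary']!r}, expected 'kudu'")
    instance = m["instance"]
    if instance is None:
        problems.append("no host instance component")
    elif instance != host:
        if instance.lower() == host.lower():
            # Kerberos principal names are case-sensitive, so report this separately.
            problems.append("host differs only by case")
        else:
            problems.append(f"host is {instance!r}, expected {host!r}")
    realm = m["realm"]
    if realm is None:
        problems.append("no realm component")
    elif realm != default_realm:
        problems.append(f"realm is {realm!r}, expected {default_realm!r}")
    return problems

def audit(principals, host, default_realm):
    """Map each principal to its list of problems."""
    return {p: check_principal(p, host, default_realm) for p in principals}

# Constructed sample input: principal names as they might be listed from a keytab.
SAMPLE = [
    "kudu/node1.example.com@EXAMPLE.COM",
    "kudusvc/node1.example.com@EXAMPLE.COM",
    "kudu/NODE1.example.com@EXAMPLE.COM",
    "kudu/node1.example.com@OTHER.REALM",
    "kudu@EXAMPLE.COM",
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE, "node1.example.com", "EXAMPLE.COM").items():
        print(name, "->", "; ".join(problems) or "OK")
```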