Security limitations
Here are some limitations related to data encryption and authorization in Kudu.
-
Data encryption at rest is not directly built into Kudu. Encryption of Kudu data at rest can be achieved through the use of local block device encryption software such as
dmcrypt
. -
Row-level authorization is not available.
-
Kudu does not support configuring a custom service principal for Kudu processes. The principal must follow the pattern
kudu/<HOST>@<DEFAULT.REALM
>. - Server certificates generated by Kudu IPKI are incompatible with bouncycastle version 1.52 and earlier.
- The highest supported version of the TLS protocol is TLSv1.2