Security limitations

Here are some limitations related to data encryption and authorization in Kudu.

  • Data encryption at rest is not directly built into Kudu. Encryption of Kudu data at rest can be achieved through the use of local block device encryption software such as dmcrypt.

  • Row-level authorization is not available.

  • Kudu does not support configuring a custom service principal for Kudu processes. The principal must follow the pattern kudu/<HOST>@<DEFAULT.REALM>.

  • Server certificates generated by Kudu IPKI are incompatible with bouncycastle version 1.52 and earlier.
  • The highest supported version of the TLS protocol is TLSv1.2