KIP-203 — Add toLowerCase support to sasl.kerberos.principal.to.local rule
Accepted Kafka 1.1 Security
Extends sasl.kerberos.principal.to.local.rules with a /L modifier that lowercases the resulting principal name, enabling mapping of Kerberos principals like user@REALM to lowercase Linux usernames. Without this, the default principal extraction produces case-sensitive names that don't match lowercase Linux users, causing authentication failures.
Details
| Author | Manikumar Reddy O. |
| Status | Accepted |
| Kafka Version | 1.1 |
| JIRA | KAFKA-5764 |
| Wiki | View on Apache Wiki |
| Created | 2017-09-18 |
| Last Modified | 2019-09-02 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.