Kerberos auth - Host Based Service

Is it possible to use a host-based-service with Vault + Raft / Shared config?

A upn in Kerberos looks like myname@DOMAIN.COM

Whereas a host-based-service looks like: service/MYHOST.DOMAIN.COM@DOMAIN.COM

Hadoop and other services use a placeholder for using host-based-services…


I don’t see a way to use a host-based service with Raft as the configuration is shared, and we can’t know ahead of time which server will receive the request.

We would need someway to template the service_name configuration parameter with _HOST placeholder like Hadoop does.