Isilon HDFS with Cloudera kerberized with MIT KDC + LDAP to AD

Hi everyone, I'm not familiar with Hadoop generally but am hoping to seek some advice on a question below.

IHAC that has Isilon kerberized with Cloudera to MIT KDC.  The Hadoop access zones has 3 authentication providers :

Local (which has since has all users disabled since we're authenticating via kerberos only)

krb5

LDAP:Active Directory

The customer normally creates new users in AD which we can see when we browsed in the OneFS GUI under Roles & Memberships.

Some of these users are added to specific HDFS proxyusers and all is well.

The question customer is posing is that there are some user accounts that are not created from AD and are instead created in Kerberos instead.  Users for these accounts in Kerberos do not want to be associated to AD at all.

In this specific case, under Roles and Memberships and under the krb5 provider, there is no user account being shown.

So how do we add a Kerberos user to proxyusers in this particular scenario?  Or if it's not possible at all.

Thanks for reading and hope to get some advice on this.