[AMBARI-11687] Kerberos: Force principal names to resolve to lowercase lower usernames in auth-to-local default rules - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.0.1
Fix Version/s: 2.1.0
Component/s: ambari-server
Labels:
None

Description

Force principals names to resolve to lowercase local usernames in auth-to-local rules. This will help when the KDC is an MIT KDC or an Active Directory and user accounts have uppercase letters that need to be converted to lowercase letters. For example: USER1234@REALM should resolve to user1234.

Solution

Provide a kerberos-env configuration to optionally create case-insensitive rules
If creating case-insensitive rules, generic auth-to-local rules should contain the L option, as in:
```
RULE:[1:$1@$0](.*@REALM)s/@.*///L
```

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-11687.patch
04/Jun/15 14:45
26 kB
Emil Anca
AMBARI-11687_02.patch
05/Jun/15 13:50
7 kB
Emil Anca
AMBARI-11687_03.patch
09/Jun/15 09:47
8 kB
Emil Anca

Issue Links

links to

Review Request

Activity

People

Assignee:: Emil Anca

Reporter:: Emil Anca

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 04/Jun/15 14:04

Updated:: 09/Jun/15 17:15

Resolved:: 09/Jun/15 15:22