Details
- Bug
- Status: Resolved
- Critical
- Resolution: Fixed
- 2.2.0
Description
When re-generating auth-to-local rules where existing rules are already set, the default (or fallback) rule for the default and additional realms is duplicated but the extra instance(s) have the case-insensitive flag:
Example:
Was
... RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// ...
Becomes
... RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L ...
Steps to Reproduce
- Create cluster with (at least) HDFS
- Enable Kerberos (do not check the box next to "Enable case insensitive username rules"; kerberos-env/case_insensitive_username_rules should be false)
- Edit Kerberos configuration and check "Enable case insensitive username rules" to set kerberos-env/case_insensitive_username_rules to true
- Regenerate Keytabs
- See duplicate entry in HDFS configs (core-site/hadoop.security.auth_to_local)
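A check for the symptom in the last step, as an added example that is not part of the original report or of Ambari's code: it parses a hadoop.security.auth_to_local value and reports rules that appear both with and without the /L flag. The rule-grammar regex, the function names and the sample values are assumptions constructed here; only the EXAMPLE.COM fallback rule comes from the report.

```python
import re
from collections import OrderedDict

# Assumed grammar for one rule: DEFAULT, or RULE:[n:fmt](regex)s/pat/repl/g,
# optionally followed by the case-insensitive flag /L.
RULE_RE = re.compile(
    r"(DEFAULT|RULE:\[\d*:[^\]]*\](?:\([^)]*\))?(?:s/[^/]*/[^/]*/g?)?)(/L)?"
)

def parse_rules(auth_to_local):
    """Return [(rule_body, has_L_flag), ...] in evaluation order."""
    return [(m.group(1), m.group(2) is not None)
            for m in RULE_RE.finditer(auth_to_local)]

def find_case_flag_duplicates(auth_to_local):
    """Return [(rule_body, first_has_L_flag)] for rules present with and without /L.

    Hadoop uses the first rule that matches a principal, so first_has_L_flag
    tells which variant is actually in effect; the later copy is never reached.
    """
    variants = OrderedDict()
    for body, has_flag in parse_rules(auth_to_local):
        variants.setdefault(body, []).append(has_flag)
    return [(body, flags[0]) for body, flags in variants.items()
            if True in flags and False in flags]

# Constructed sample values; only the EXAMPLE.COM fallback rule is from the report.
BEFORE = ("RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ "
          "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// DEFAULT")
AFTER = ("RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ "
         "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// "
         "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L DEFAULT")

if __name__ == "__main__":
    for name, value in (("before", BEFORE), ("after", AFTER)):
        for body, first_has_flag in find_case_flag_duplicates(value):
            effective = "/L" if first_has_flag else "case-preserving"
            print(f"{name}: duplicated {body} (effective variant: {effective})")
```

Run against the core-site/hadoop.security.auth_to_local value after regenerating keytabs; an empty result means no rule exists in both forms.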