[AMBARI-16023] Auth-to-local rule generation duplicates default rules when adding case-insensitive default rules - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.2.0
Fix Version/s: 2.4.0
Component/s: ambari-server
Labels:
- auth_to_local
- kerberos

Description

When re-generating auth-to-local rules where existing rules are already set, the default (or fallback) rule for the default and additional realms is duplicated but the extra instance(s) have the case-insensitive flag:

Example:

Was

...
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
...

Becomes

...
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L
...

Steps to Reproduce

Create cluster with (at least) HDFS
Enable Kerberos (do not check the box next to "Enable case insensitive username rules"; kerberos-env/case_insensitive_username_rules should be false
Edit Kerberos configuration and check "Enable case insensitive username rules" to set kerberos-env/case_insensitive_username_rules to true
Regenerate Keytabs
See duplicate entry in HDFS configs (core-site/hadoop.security.auth_to_local)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-16023_trunk_01.patch
25/Apr/16 18:56
7 kB
Robert Levas

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 21/Apr/16 18:28

Updated:: 26/Apr/16 18:24

Resolved:: 26/Apr/16 14:55