Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-21418

Ambari rebuilds custom auth_to_local rules changing its case sensitiveness option (/L) depending on the case_insensitive_username_rules.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.1.0
    • 2.5.3
    • ambari-server
    • None

    Description

      Ambari changes the auth to local custom rules /L state on rebuild depending on case_insensitive_username_rules.
      How to reproduce:
      1) Kerberize Ambari.
      2) Make sure these kerberos settings are set as follows:
      case_insensitive_username_rules = false
      manage_auth_to_local = true
      3) Add custom auth_to_local rule:

      RULE:[1:$1@$0](.*@HDP01.LOCAL)s/.*/ambari-qa//L

      (NB: HDP01.LOCAL realm was chosen to avoid matching the default kerberos realm, EXAMPLE.COM in my tests)
      4) Add a new service to the cluster that has kerberos configuration, in my case, tested with adding Spark2.
      5) After successful service addition, check the auth_to_local mappings again; the mapping we added in point 3 should now be missing the /L and be:

      RULE:[1:$1@$0](.*@HDP01.LOCAL)s/.*/ambari-qa/

      Attachments

        1. AMBARI-21418.patch
          19 kB
          Attila Magyar

        Issue Links

          links to

          Web Link review board

          Activity

            People

              amagyar Attila Magyar
              tsokorai Tomas Sokorai
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: