[AMBARI-9295] Remove toLowerCase() from userPrincipalName in default Kerberos principal create template - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: ambari-server, stacks
Labels:

Epic Link:
Ambari Automated Kerberization

Description

Remove toLowerCase() from userPrincipalName in default Kerberos principal create template. This is creating an issue with principals that have upper-cased characters and Active Directory such that when kinit-ing, authenticating fails:

kinit -V -k -t /etc/security/keytabs/spnego.service.keytab

HTTP/c6501.ambari.apache.org
Using default cache: /tmp/krb5cc_0
Using principal: HTTP/c6501.ambari.apache.org@HDP01.LOCAL
Using keytab: /etc/security/keytabs/spnego.service.keytab
kinit: Preauthentication failed while getting initial credentials

An example of the offending template is as follows:

from kerberos-env.xml

{
  "objectClass": ["top", "person", "organizationalPerson", "user"],
  "cn": "$principal_name",
  #if( $is_service )
  "servicePrincipalName": "$principal_name",
  #end
  "userPrincipalName": "$normalized_principal.toLowerCase()",
  "unicodePwd": "$password",
  "accountExpires": "0",
  "userAccountControl": "66048"
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-9295_01.patch
27/Jan/15 20:29
5 kB
Robert Levas

Issue Links

duplicates

AMBARI-9359 Remove toLowerCase() from userPrincipalName in default Kerberos principal create template

Resolved

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Jan/15 12:06

Updated:: 02/Feb/15 22:54

Resolved:: 28/Jan/15 19:15