Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
2.0.0
Description
Remove toLowerCase() from userPrincipalName in default Kerberos principal create template. This is creating an issue with principals that have upper-cased characters and Active Directory such that when kinit-ing, authenticating fails:
kinit -V -k -t /etc/security/keytabs/spnego.service.keytab
HTTP/c6501.ambari.apache.org Using default cache: /tmp/krb5cc_0 Using principal: HTTP/c6501.ambari.apache.org@HDP01.LOCAL Using keytab: /etc/security/keytabs/spnego.service.keytab kinit: Preauthentication failed while getting initial credentials
An example of the offending template is as follows:
from kerberos-env.xml
{ "objectClass": ["top", "person", "organizationalPerson", "user"], "cn": "$principal_name", #if( $is_service ) "servicePrincipalName": "$principal_name", #end "userPrincipalName": "$normalized_principal.toLowerCase()", "unicodePwd": "$password", "accountExpires": "0", "userAccountControl": "66048" }
Attachments
Issue Links
- is duplicated by
-
AMBARI-9295 Remove toLowerCase() from userPrincipalName in default Kerberos principal create template
- Resolved