Ambari / AMBARI-9359

Remove toLowerCase() from userPrincipalName in default Kerberos principal create template


Details

    Description

      Remove toLowerCase() from userPrincipalName in the default Kerberos principal create template. The lower-casing causes a problem with Active Directory for principals that contain upper-case characters: authentication fails when running kinit:

      kinit -V -k -t /etc/security/keytabs/spnego.service.keytab HTTP/c6501.ambari.apache.org
      Using default cache: /tmp/krb5cc_0
      Using principal: HTTP/c6501.ambari.apache.org@HDP01.LOCAL
      Using keytab: /etc/security/keytabs/spnego.service.keytab
      kinit: Preauthentication failed while getting initial credentials
      

      An example of the offending template is as follows:

      from kerberos-env.xml
      {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "cn": "$principal_name",
        #if( $is_service )
        "servicePrincipalName": "$principal_name",
        #end
        "userPrincipalName": "$normalized_principal.toLowerCase()",
        "unicodePwd": "$password",
        "accountExpires": "0",
        "userAccountControl": "66048"
      }
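
      An added example, not part of the original issue or of Ambari's code: a small Python check that flags case-changing Velocity calls in the create-attributes template above and renders the resulting userPrincipalName next to the principal from the kinit output. The function names are hypothetical, and it assumes $normalized_principal expands to the full principal including the realm.

```python
import json
import re

# Constructed input: the create-attributes template quoted in this issue.
TEMPLATE = """{
  "objectClass": ["top", "person", "organizationalPerson", "user"],
  "cn": "$principal_name",
  #if( $is_service )
  "servicePrincipalName": "$principal_name",
  #end
  "userPrincipalName": "$normalized_principal.toLowerCase()",
  "unicodePwd": "$password",
  "accountExpires": "0",
  "userAccountControl": "66048"
}"""

DIRECTIVE = re.compile(r"^[ \t]*#(?:if|elseif|else|end)\b.*$", re.M)
# A Velocity reference, optionally followed by a case-changing method call.
REF = re.compile(r"\$\{?([A-Za-z_]\w*)\}?(?:\.(toLowerCase|toUpperCase)\(\))?")

def attributes(template):
    """Drop Velocity directive lines and parse what is left as JSON."""
    return json.loads(DIRECTIVE.sub("", template))

def find_case_folding(template):
    """Return (attribute, variable, method) for each case-changing call."""
    hits = []
    for name, value in attributes(template).items():
        for item in value if isinstance(value, list) else [value]:
            hits += [(name, m.group(1), m.group(2))
                     for m in REF.finditer(item) if m.group(2)]
    return hits

def render(value, variables):
    """Expand references in one attribute value, applying any case call."""
    def expand(m):
        text = variables[m.group(1)]
        fold = {"toLowerCase": str.lower, "toUpperCase": str.upper}.get(m.group(2))
        return fold(text) if fold else text
    return REF.sub(expand, value)

if __name__ == "__main__":
    principal = "HTTP/c6501.ambari.apache.org@HDP01.LOCAL"  # from the kinit output
    # Assumption: $normalized_principal expands to the full principal with realm.
    upn = render(attributes(TEMPLATE)["userPrincipalName"],
                 {"normalized_principal": principal})
    print(find_case_folding(TEMPLATE))
    print("directory UPN:", upn, "| keytab principal:", principal)
```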
      

            People

              rlevas Robert Levas