Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10556

Add toLowerCase support to auth_to_local rules for service name

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.0
    • Fix Version/s: 2.5.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      When using Vintela to integrate Linux with AD, principals are lowercased. If the accounts in AD have uppercase characters (ie FooBar) the Kerberos principals have also uppercase characters (ie FooBar/<HOST>). Because of this, when a service (Yarn/HDFS) extracts the service name from the Kerberos principal (FooBar) and uses it for obtain groups the user is not found because via Linux the user FooBar is unknown, it has been converted to foobar.

        Attachments

        1. HADOOP-10556.patch
          5 kB
          Alejandro Abdelnur
        2. HADOOP-10556.patch
          5 kB
          Alejandro Abdelnur

          Activity

            People

            • Assignee:
              tucu00 Alejandro Abdelnur
              Reporter:
              tucu00 Alejandro Abdelnur
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: