[KUDU-2087] Failure to map principal to local username in FreeIPA-configured environment - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.1, 1.4.0
Fix Version/s: 1.3.2, 1.5.0, 1.4.1
Component/s: security
Labels:
None

Target Version/s:

1.3.2, 1.4.1

Description

FreeIPA is a tool provided by Red Hat which helps operators configure and manage an integrated LDAP + Kerberos environment (sort of a parallel of Active Directory from what I can tell). In this environment, the local MIT krb5 installation is configured to use the SSD 'localauth' plugin, which is responsible for mapping principals to usernames by implementing the krb5_auth_to_localname() API.

In this environment, Kudu fails to start with Kerberos enabled because the krb5_auth_to_localname() API is returning KRB5_PLUGIN_NO_HANDLE when it tries to map its own principal to a username.

Attachments

Activity

People

Assignee:: Todd Lipcon

Reporter:: Todd Lipcon

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Aug/17 01:46

Updated:: 01/Aug/17 21:35

Resolved:: 01/Aug/17 21:35