Details
-
Improvement
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
1.9.2
-
None
-
None
Description
A KeytabCredentialsService should be able to qualify a principal or shortname with the instance on which it is running.
A new property should be added that allows the user to select one of the following qualification options:
- none
- hostname
- FQDN
If NiFi is running on host "nifi.apache.org" and a KeytabCredentialsService was created with a Kerberos Principal property value of "nifi@EXAMPLE.COM", the KeytabCredentialsService** should be able return a qualified principal, based on the qualification option:
- none -> "nifi@EXAMPLE.COM"
- hostname -> "nifi/nifi@EXAMPLE.COM"
- FQDN -> "nifi/nifi.apache.org@EXAMPLE.COM"
If a shortname is used it should be qualified as the qualification option indicates:
- none -> "nifi"
- hostname -> "nifi/nifi"
- FQDN -> "nifi/nifi.apache.org"
Validation of the KeytabCredentialsService should fail if the principal is already instance-qualified and "hostname" or "FQDN" is selected for the qualification option.
Attachments
Issue Links
- links to