Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-846

Ranger deviates from Hadoop usernames

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 0.5.0, 0.5.1, 0.5.2, 0.6.0
    • 0.6.0
    • admin
    • kerberos non-kerberos

    Description

      Ranger-admin deviates from Hadoop (hadoop-auth) in determining what is a username and implements its own check. If not using hadoop-auth why is this not left to the underlying OS?

      This is perfectly fine on the OS and will be per HADOOP-12751 (Before HADOOP-12751 '@' and '/' were not allowed).

      [root@hdp-node pam.d]# id bolke@ad.local
      UID=1796201107(bolke@ad.local) GID=1796201107(bolke@ad.local) groepen=1796201107(bolke@ad.local),1796200513(domain users@ad.local),1796201108(test@ad.local),1950000004(ad_users)

      Not being able to do this creates integration issues when using trusts in active directory domain contexts (ie. the above bolke@ad.local is a user from a trusted domain)

      Attachments

        1. RANGER-846.patch
          2 kB
          Mehul Parikh

        Issue Links

          links to

          Web Link Review request link

          Activity

            People

              mehul Mehul Parikh
              bolke Bolke de Bruin
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: