Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-846

Ranger deviates from Hadoop usernames

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.5.0, 0.5.1, 0.5.2, 0.6.0
    • Fix Version/s: 0.6.0
    • Component/s: admin
    • Environment:
      kerberos non-kerberos

      Description

      Ranger-admin deviates from Hadoop (hadoop-auth) in determining what is a username and implements its own check. If not using hadoop-auth why is this not left to the underlying OS?

      This is perfectly fine on the OS and will be per HADOOP-12751 (Before HADOOP-12751 '@' and '/' were not allowed).

      [root@hdp-node pam.d]# id bolke@ad.local
      UID=1796201107(bolke@ad.local) GID=1796201107(bolke@ad.local) groepen=1796201107(bolke@ad.local),1796200513(domain users@ad.local),1796201108(test@ad.local),1950000004(ad_users)

      Not being able to do this creates integration issues when using trusts in active directory domain contexts (ie. the above bolke@ad.local is a user from a trusted domain)

        Attachments

        1. RANGER-846.patch
          2 kB
          Mehul Parikh

          Issue Links

            Activity

              People

              • Assignee:
                mehul Mehul Parikh
                Reporter:
                bolke Bolke de Bruin
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: