[
https://issues.apache.org/jira/browse/HADOOP-10556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13986375#comment-13986375
]
Alejandro Abdelnur commented on HADOOP-10556:
---------------------------------------------
Adding a /L option (similar to the existing /g) we could handle lowercasing.
Because Java regexs don’t support /L
(http://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html), we
will have to handle that explicitly in the KerberosName rules handling logic.
> Add toLowerCase support to auth_to_local rules for service name
> ---------------------------------------------------------------
>
> Key: HADOOP-10556
> URL: https://issues.apache.org/jira/browse/HADOOP-10556
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.4.0
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
>
> When using Vintela to integrate Linux with AD, principals are lowercased. If
> the accounts in AD have uppercase characters (ie FooBar) the Kerberos
> principals have also uppercase characters (ie FooBar/<HOST>). Because of
> this, when a service (Yarn/HDFS) extracts the service name from the Kerberos
> principal (FooBar) and uses it for obtain groups the user is not found
> because via Linux the user FooBar is unknown, it has been converted to foobar.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
