Alejandro Abdelnur created HADOOP-10556:
-------------------------------------------
Summary: Add toLowerCase support to auth_to_local rules for service name
Key: HADOOP-10556
URL: https://issues.apache.org/jira/browse/HADOOP-10556
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 2.4.0
Reporter: Alejandro Abdelnur
Assignee: Alejandro Abdelnur
When using Vintela to integrate Linux with AD, principals are lowercased. If
the accounts in AD have uppercase characters (i.e. FooBar), the Kerberos
principals also have uppercase characters (i.e. FooBar/<HOST>). Because of this,
when a service (YARN/HDFS) extracts the service name from the Kerberos
principal (FooBar) and uses it to obtain groups, the user is not found because
via Linux the user FooBar is unknown; it has been converted to foobar.
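The mismatch described in this issue, as an added example that is not part of the original report or of Hadoop's code: a simplified model of one auth_to_local rule, followed by a case-sensitive group lookup. The `to_lower` switch, the host and realm names, and the `OS_GROUPS` table are assumptions constructed for illustration.

```python
import re

# Simplified model of a single auth_to_local rule:
#   RULE:[<n>:<format>](<match regex>)s/<pattern>/<replacement>/
# Real rule sets support more than this (DEFAULT, several rules tried in order).
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*?)\))?(?:s/(.*?)/(.*?)/)?$")

# Constructed stand-in for the Linux account database, where the AD
# integration has already lowercased the account name.
OS_GROUPS = {"foobar": ["hadoop"]}

def groups_for(user):
    """Case-sensitive lookup, as on the Linux side; None means unknown user."""
    return OS_GROUPS.get(user)

def short_name(principal, rule, to_lower=False):
    """Apply one rule; return the short name, or None if the rule does not apply.
    to_lower is a hypothetical switch modelling the lowercasing requested here."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("unsupported rule: " + rule)
    n, fmt, match_re, pat, repl = m.groups()
    name, _, realm = principal.partition("@")
    comps = name.split("/")
    if len(comps) != int(n):
        return None
    # $0 is the realm, $1..$n are the principal's components.
    fields = [realm] + comps
    base = re.sub(r"\$(\d)", lambda g: fields[int(g.group(1))], fmt)
    if match_re and not re.fullmatch(match_re, base):
        return None
    if pat is not None:
        base = re.sub(pat, repl, base, count=1)
    return base.lower() if to_lower else base

RULE = r"RULE:[2:$1@$0](.*@EXAMPLE\.COM)s/@.*//"
PRINCIPAL = "FooBar/host1.example.com@EXAMPLE.COM"  # constructed sample

if __name__ == "__main__":
    for flag in (False, True):
        user = short_name(PRINCIPAL, RULE, to_lower=flag)
        print(f"to_lower={flag}: short name {user!r}, groups {groups_for(user)}")
```

Lowercasing maps principals that differ only in case to the same local account, so it suits directories that already treat account names case-insensitively.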