----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/30333/#review70014 -----------------------------------------------------------
Ship it! Ship It! - Yusaku Sako On Jan. 27, 2015, 10:39 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/30333/ > ----------------------------------------------------------- > > (Updated Jan. 27, 2015, 10:39 p.m.) > > > Review request for Ambari, Jaimin Jetly and Yusaku Sako. > > > Bugs: AMBARI-9295 > https://issues.apache.org/jira/browse/AMBARI-9295 > > > Repository: ambari > > > Description > ------- > > Remove toLowerCase() from userPrincipalName in default Kerberos principal > create template. This is creating an issue with principals that have > upper-cased characters and Active Directory such that when kinit-ing, > authenticating fails: > > #kinit -V -k -t /etc/security/keytabs/spnego.service.keytab > ``` > HTTP/c6501.ambari.apache.org > Using default cache: /tmp/krb5cc_0 > Using principal: HTTP/[email protected] > Using keytab: /etc/security/keytabs/spnego.service.keytab > kinit: Preauthentication failed while getting initial credentials > ``` > An example of the offending template is as follows: > #From kerberos-env.xml > ``` > { > "objectClass": ["top", "person", "organizationalPerson", "user"], > "cn": "$principal_name", > #if( $is_service ) > "servicePrincipalName": "$principal_name", > #end > "userPrincipalName": "$normalized_principal.toLowerCase()", > "unicodePwd": "$password", > "accountExpires": "0", > "userAccountControl": "66048" > } > ``` > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java > 839a82a > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > d37e736 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java > 8d2a3c4 > > Diff: https://reviews.apache.org/r/30333/diff/ > > > Testing > ------- > > Manually tested in test cluster using Active Directory as KDC and including > Hive. > > # Jenkins test results > > Running > org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest > Tests run: 10, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 0.731 sec > > Ambari server test suite > Tests run: 2616, Failures: 0, Errors: 0, Skipped: 15 > > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 01:01 h > [INFO] Finished at: 2015-01-27T22:05:59+00:00 > [INFO] Final Memory: 44M/541M > [INFO] > ------------------------------------------------------------------------ > > > Thanks, > > Robert Levas > >
