[jira] [Commented] (AMBARI-9295) Remove toLowerCase() from userPrincipalName in default Kerberos principal create template

Mon, 02 Feb 2015 14:55:19 -0800 

    [ 
https://issues.apache.org/jira/browse/AMBARI-9295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14302128#comment-14302128
 ] 

Hudson commented on AMBARI-9295:
--------------------------------

FAILURE: Integrated in Ambari-trunk-Commit-docker #841 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit-docker/841/])
AMBARI-9295. Remove toLowerCase() from userPrincipalName in default Kerberos 
principal create template (rlevas) (rlevas: 
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=454b31fd299aff30d60dda9d6bef05e4e2345973)
* 
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
* 
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
* 
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java


> Remove toLowerCase() from userPrincipalName in default Kerberos principal 
> create template
> -----------------------------------------------------------------------------------------
>
>                 Key: AMBARI-9295
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9295
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server, stacks
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: active-directory, active_directory, kerberos
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9295_01.patch
>
>
> Remove toLowerCase() from userPrincipalName in default Kerberos principal 
> create template. This is creating an issue with principals that have 
> upper-cased characters and Active Directory such that when kinit-ing, 
> authenticating fails:
> {code:title=kinit -V -k -t /etc/security/keytabs/spnego.service.keytab }
> HTTP/c6501.ambari.apache.org
> Using default cache: /tmp/krb5cc_0
> Using principal: HTTP/[email protected]
> Using keytab: /etc/security/keytabs/spnego.service.keytab
> kinit: Preauthentication failed while getting initial credentials
> {code}
> An example of the offending template is as follows:
> {code:title=from kerberos-env.xml}
> {
>   "objectClass": ["top", "person", "organizationalPerson", "user"],
>   "cn": "$principal_name",
>   #if( $is_service )
>   "servicePrincipalName": "$principal_name",
>   #end
>   "userPrincipalName": "$normalized_principal.toLowerCase()",
>   "unicodePwd": "$password",
>   "accountExpires": "0",
>   "userAccountControl": "66048"
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to