Emil Anca created AMBARI-11687:
----------------------------------
Summary: Kerberos: Force principal names to resolve to lowercase
lower usernames in auth-to-local default rules
Key: AMBARI-11687
URL: https://issues.apache.org/jira/browse/AMBARI-11687
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.0.1
Reporter: Emil Anca
Assignee: Emil Anca
Priority: Critical
Fix For: 2.1.0
Force principals names to resolve to lowercase local usernames in auth-to-local
rules. This will help when the KDC is an MIT KDC or an Active Directory and
user accounts have uppercase letters that need to be converted to lowercase
letters. For example: {{USER1234@REALM}} should resolve to {{user1234}}.
*Solution*
# Provide a kerberos-env configuration to optionally create case-insensitive
rules
# If creating case-insensitive rules, _generic_ auth-to-local rules should
contain the {{L}} option, as in:
{code}
RULE:[1:$1@$0](.*@REALM)s/@.*///L
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
