Review Request 35073: Kerberos: Force principal names to resolve to lowercase lower usernames in auth-to-local default rules

Emil Anca Thu, 04 Jun 2015 07:58:04 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35073/
-----------------------------------------------------------


Review request for Ambari, Robert Levas and Vitalyi Brodetskyi.


Bugs: AMBARI-11687
    https://issues.apache.org/jira/browse/AMBARI-11687


Repository: ambari


Description
-------

Force principals names to resolve to lowercase local usernames in auth-to-local 
rules. This will help when the KDC is an MIT KDC or an  Active Directory and 
user accounts have uppercase letters that need to be converted to lowercase 
letters.  For example:  {{USER1234@REALM}} should resolve to {{user1234}}.

*Solution*
# Provide a kerberos-env configuration to optionally create case-insensitive 
rules
# If creating case-insensitive rules, _generic_ auth-to-local rules should 
contain the {{L}} option, as in:

~~~
RULE:[1:$1@$0](.*@REALM)s/@.*///L
~~~


Diffs
-----

  
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
 c599cc1 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
 dc5fc75 
  
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
 ec50f69 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java
 d1a2bd1 
  ambari-web/app/data/HDP2/site_properties.js d5310e2 

Diff: https://reviews.apache.org/r/35073/diff/


Testing
-------

* mvn clean test -pl AuthToLocalBuilderTest
* Kerbernized/dekerbenized prop with / without prop
* Added service on kerberized cluster


Thanks,

Emil Anca

Review Request 35073: Kerberos: Force principal names to resolve to lowercase lower usernames in auth-to-local default rules

Reply via email to