----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/35073/#review87159 -----------------------------------------------------------
Ship it! ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java <https://reviews.apache.org/r/35073/#comment139480> A NPE will be thrown if `kerberos-env/case_insensitive_rules` is null or not present in the map. - Robert Levas On June 9, 2015, 5:55 a.m., Emil Anca wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/35073/ > ----------------------------------------------------------- > > (Updated June 9, 2015, 5:55 a.m.) > > > Review request for Ambari, Robert Levas, Tom Beerbower, and Vitalyi > Brodetskyi. > > > Bugs: AMBARI-11687 > https://issues.apache.org/jira/browse/AMBARI-11687 > > > Repository: ambari > > > Description > ------- > > Force principals names to resolve to lowercase local usernames in > auth-to-local rules. This will help when the KDC is an MIT KDC or an Active > Directory and user accounts have uppercase letters that need to be converted > to lowercase letters. For example: {{USER1234@REALM}} should resolve to > {{user1234}}. > > *Solution* > # Provide a kerberos-env configuration to optionally create case-insensitive > rules > # If creating case-insensitive rules, _generic_ auth-to-local rules should > contain the {{L}} option, as in: > > ~~~ > RULE:[1:$1@$0](.*@REALM)s/@.*///L > ~~~ > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java > 89d0b55 > > ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java > 8a5d4fd > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 6d720a0 > > ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java > d1a2bd1 > > ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java > f8ba840 > ambari-web/app/data/HDP2/site_properties.js 484ad38 > > Diff: https://reviews.apache.org/r/35073/diff/ > > > Testing > ------- > > * mvn clean test -pl AuthToLocalBuilderTest KerberosHelperImpl locally > * Jenking tests in progress > * Kerbernized/dekerbenized prop with / without prop while monitoring > core-site auth to local rules > * Added service on kerberized cluster > * Ran > > [root@c6401 ~]# hadoop org.apache.hadoop.security.HadoopKerberosName > [email protected] > Name: [email protected] to eanca > > to test the mapping of the new generic Rule. > > > Thanks, > > Emil Anca > >
