Re: Review Request 35073: Kerberos: Force principal names to resolve to lowercase lower usernames in auth-to-local default rules

Tom Beerbower Tue, 09 Jun 2015 05:33:47 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35073/#review87163
-----------------------------------------------------------


Ship it!


Ship It!

- Tom Beerbower


On June 9, 2015, 9:55 a.m., Emil Anca wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35073/
> -----------------------------------------------------------
> 
> (Updated June 9, 2015, 9:55 a.m.)
> 
> 
> Review request for Ambari, Robert Levas, Tom Beerbower, and Vitalyi 
> Brodetskyi.
> 
> 
> Bugs: AMBARI-11687
>     https://issues.apache.org/jira/browse/AMBARI-11687
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Force principals names to resolve to lowercase local usernames in 
> auth-to-local rules. This will help when the KDC is an MIT KDC or an  Active 
> Directory and user accounts have uppercase letters that need to be converted 
> to lowercase letters.  For example:  {{USER1234@REALM}} should resolve to 
> {{user1234}}.
> 
> *Solution*
> # Provide a kerberos-env configuration to optionally create case-insensitive 
> rules
> # If creating case-insensitive rules, _generic_ auth-to-local rules should 
> contain the {{L}} option, as in:
> 
> ~~~
> RULE:[1:$1@$0](.*@REALM)s/@.*///L
> ~~~
> 
> 
> Diffs
> -----
> 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java
>  89d0b55 
>   
> ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
>  8a5d4fd 
>   
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
>  6d720a0 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java
>  d1a2bd1 
>   
> ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
>  f8ba840 
>   ambari-web/app/data/HDP2/site_properties.js 484ad38 
> 
> Diff: https://reviews.apache.org/r/35073/diff/
> 
> 
> Testing
> -------
> 
> * mvn clean test -pl AuthToLocalBuilderTest KerberosHelperImpl locally
> * Jenking tests in progress
> * Kerbernized/dekerbenized prop with / without prop while monitoring 
> core-site auth to local rules
> * Added service on kerberized cluster
> * Ran
>  
>    [root@c6401 ~]# hadoop org.apache.hadoop.security.HadoopKerberosName 
> [email protected]
> Name: [email protected] to eanca
> 
> to test the mapping of the new generic Rule.
> 
> 
> Thanks,
> 
> Emil Anca
> 
>

Re: Review Request 35073: Kerberos: Force principal names to resolve to lowercase lower usernames in auth-to-local default rules

Reply via email to