[
https://issues.apache.org/jira/browse/RANGER-846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15146216#comment-15146216
]
Bolke de Bruin commented on RANGER-846:
---------------------------------------
See also RANGER-833
> Ranger deviates from Hadoop usernames
> -------------------------------------
>
> Key: RANGER-846
> URL: https://issues.apache.org/jira/browse/RANGER-846
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Affects Versions: 0.5.0, 0.5.1, 0.5.2, 0.6.0
> Environment: kerberos non-kerberos
> Reporter: Bolke de Bruin
> Priority: Critical
> Labels: admin-interface, kerberos, user
> Fix For: 0.6.0
>
>
> Ranger-admin deviates from Hadoop (hadoop-auth) in determining what is a
> username and implements its own check. If not using hadoop-auth why is this
> not left to the underlying OS?
> This is perfectly fine on the OS and will be per HADOOP-12751 (Before
> HADOOP-12751 '@' and '/' were not allowed).
> [root@hdp-node pam.d]# id [email protected]
> UID=1796201107([email protected]) GID=1796201107([email protected])
> groepen=1796201107([email protected]),1796200513(domain
> [email protected]),1796201108([email protected]),1950000004(ad_users)
> Not being able to do this creates integration issues when using trusts in
> active directory domain contexts (ie. the above [email protected] is a user from
> a trusted domain)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
