[
https://issues.apache.org/jira/browse/AMBARI-16023?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-16023:
----------------------------------
Attachment: AMBARI-16023_trunk_01.patch
> Auth-to-local rule generation duplicates default rules when adding
> case-insensitive default rules
> -------------------------------------------------------------------------------------------------
>
> Key: AMBARI-16023
> URL: https://issues.apache.org/jira/browse/AMBARI-16023
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.2.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: auth_to_local, kerberos
> Fix For: 2.4.0
>
> Attachments: AMBARI-16023_trunk_01.patch
>
>
> When re-generating auth-to-local rules where existing rules are already set,
> the default (or fallback) rule for the default and additional realms is
> duplicated but the extra instance(s) have the case-insensitive flag:
> Example:
> {noformat:title=Was}
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> ...
> {noformat}
> {noformat:title=Becomes}
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L
> ...
> {noformat}
> *Steps to Reproduce*
> # Create cluster with (at least) HDFS
> # Enable Kerberos (do not check the box next to "Enable case insensitive
> username rules"; kerberos-env/case_insensitive_username_rules should be false
> # Edit Kerberos configuration and check "Enable case insensitive username
> rules" to set kerberos-env/case_insensitive_username_rules to true
> # Regenerate Keytabs
> # See duplicate entry in HDFS configs
> (core-site/hadoop.security.auth_to_local)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
