[jira] [Commented] (AMBARI-16023) Auth-to-local rule generation duplicates default rules when adding case-insensitive default rules

Tue, 26 Apr 2016 11:25:47 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-16023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15258628#comment-15258628
 ] 

Hudson commented on AMBARI-16023:
---------------------------------

FAILURE: Integrated in Ambari-trunk-Commit #4741 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/4741/])
AMBARI-16023. Auth-to-local rule generation duplicates default rules (rlevas: 
[http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=2e2588efc5dbc12b16e58e8f709e600acd7decd1])
* 
ambari-server/src/test/java/org/apache/ambari/server/controller/AuthToLocalBuilderTest.java
* 
ambari-server/src/main/java/org/apache/ambari/server/controller/AuthToLocalBuilder.java


> Auth-to-local rule generation duplicates default rules when adding 
> case-insensitive default rules
> -------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-16023
>                 URL: https://issues.apache.org/jira/browse/AMBARI-16023
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.2.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: auth_to_local, kerberos
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-16023_trunk_01.patch
>
>
> When re-generating auth-to-local rules where existing rules are already set, 
> the default (or fallback) rule for the default and additional realms is 
> duplicated but the extra instance(s) have the case-insensitive flag:
> Example:
> {noformat:title=Was}
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> ...
> {noformat}
> {noformat:title=Becomes}
> ...
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
> RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L
> ...
> {noformat}
> *Steps to Reproduce*
> # Create cluster with (at least) HDFS
> # Enable Kerberos (do not check the box next to "Enable case insensitive 
> username rules"; kerberos-env/case_insensitive_username_rules should be false
> # Edit Kerberos configuration and check "Enable case insensitive username 
> rules" to set kerberos-env/case_insensitive_username_rules to true
> # Regenerate Keytabs
> # See duplicate entry in HDFS configs 
> (core-site/hadoop.security.auth_to_local)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to