[jira] [Updated] (AMBARI-22715) Kafka broken by auth_to_local rules when case_insensitive_username_rules=true

[Sean Roberts (JIRA)]

     [ 
https://issues.apache.org/jira/browse/AMBARI-22715?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sean Roberts updated AMBARI-22715:
----------------------------------
    Affects Version/s: 2.5.2

> Kafka broken by auth_to_local rules when case_insensitive_username_rules=true
> -----------------------------------------------------------------------------
>
>                 Key: AMBARI-22715
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22715
>             Project: Ambari
>          Issue Type: Bug
>    Affects Versions: 2.5.2
>            Reporter: Sean Roberts
>            Priority: Major
>
> https://issues.apache.org/jira/browse/AMBARI-22715
> Kafka brokers will fail to start when Kerberos is set with:
> case_insensitive_username_rules=true
> This is due to Kafka not supporting the lower case (/L) functionality.
> How to reproduce:
> 1. Deploy a cluster which includes Kafka
> 2. Kerberize cluster
> 3. Ensure following is set in 'kerberos-env':
> {code}
> case_insensitive_username_rules=true
> manage_auth_to_local=true
> {code}
> 4. Start Kafka brokers
> 5. They will fail to start.
> Note the /Ls in the configuration below.
> For Kafka to function, Ambari will need to not include the "/L"s in the Kafka 
> configuration.
> {code}
> "sasl.kerberos.principal.to.local.rules" : 
> "RULE:[1:$1@$0](ambari-qa-mytestclus...@cluster.test.com)s/.*/ambari-qa/,RULE:[1:$1@$0](hbase-mytestclus...@cluster.test.com)s/.*/hbase/,RULE:[1:$1@$0](hdfs-mytestclus...@cluster.test.com)s/.*/hdfs/,RULE:[1:$1@$0](spark-mytestclus...@cluster.test.com)s/.*/spark/,RULE:[1:$1@$0](zeppelin-mytestclus...@cluster.test.com)s/.*/zeppelin/,RULE:[1:$1@$0](.*@CLUSTER.TEST.COM)s/@.*///L,RULE:[2:$1@$0](activity_analy...@cluster.test.com)s/.*/activity_analyzer/,RULE:[2:$1@$0](activity_explo...@cluster.test.com)s/.*/activity_explorer/,RULE:[2:$1@$0](amshb...@cluster.test.com)s/.*/ams/,RULE:[2:$1@$0](am...@cluster.test.com)s/.*/ams/,RULE:[2:$1@$0](at...@cluster.test.com)s/.*/atlas/,RULE:[2:$1@$0](d...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](hb...@cluster.test.com)s/.*/hbase/,RULE:[2:$1@$0](h...@cluster.test.com)s/.*/hive/,RULE:[2:$1@$0](j...@cluster.test.com)s/.*/mapred/,RULE:[2:$1@$0](j...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](k...@cluster.test.com)s/.*/knox/,RULE:[2:$1@$0](l...@cluster.test.com)s/.*/livy/,RULE:[2:$1@$0](n...@cluster.test.com)s/.*/yarn/,RULE:[2:$1@$0](n...@cluster.test.com)s/.*/hdfs/,RULE:[2:$1@$0](oo...@cluster.test.com)s/.*/oozie/,RULE:[2:$1@$0](rangerad...@cluster.test.com)s/.*/ranger/,RULE:[2:$1@$0](ranger...@cluster.test.com)s/.*/keyadmin/,RULE:[2:$1@$0](rangertags...@cluster.test.com)s/.*/rangertagsync/,RULE:[2:$1@$0](rangerusers...@cluster.test.com)s/.*/rangerusersync/,RULE:[2:$1@$0](r...@cluster.test.com)s/.*/yarn/,RULE:[2:$1@$0](y...@cluster.test.com)s/.*/yarn/,DEFAULT",
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)