[jira] [Resolved] (NIFI-3872) "Default Realm" property ignored in kerberos-provider after upgrade to 1.2.0

Thu, 11 May 2017 18:24:26 -0700 

     [ 
https://issues.apache.org/jira/browse/NIFI-3872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mark Deckert resolved NIFI-3872.
--------------------------------
    Resolution: Invalid

Jumped the gun on reporting.  Discovered the problem in a bad krb5.ini file 
that had changed.

> "Default Realm" property ignored in kerberos-provider after upgrade to 1.2.0
> ----------------------------------------------------------------------------
>
>                 Key: NIFI-3872
>                 URL: https://issues.apache.org/jira/browse/NIFI-3872
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.2.0
>         Environment: Windows Server 2012R2
>            Reporter: Mark Deckert
>
> After upgrading from 1.1.2 to 1.2.0, the "Default Realm" property in 
> login-identity-providers.xml is seemingly ignored.  Users can still 
> successfully log in by typing in the full "[email protected]", but just 
> "myusername" fails.  Same identity-providers file was used in 1.1.2 without 
> problem.
> I've changed username: myusername and domain: MYDOMAIN.COM in logs and config 
> below:
> user log says:
> 2017-05-11 17:58:17,947 INFO [NiFi Web Server-20] 
> o.a.n.w.a.c.IllegalArgumentExceptionMapper 
> java.lang.IllegalArgumentException: The supplied username and password are 
> not valid.. Returning Bad Request response.
> bootstrap log says this:
> 2017-05-11 17:58:17,931 INFO [NiFi logging handler] org.apache.nifi.StdOut 
> Debug is  true storeKey true useTicketCache false useKeyTab false doNotPrompt 
> false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config 
> is false principal is null tryFirstPass is false useFirstPass is false 
> storePass is false clearPass is false
> 2017-05-11 17:58:17,931 INFO [NiFi logging handler] org.apache.nifi.StdOut    
>         [Krb5LoginModule] user entered username: myusername
> 2017-05-11 17:58:17,931 INFO [NiFi logging handler] org.apache.nifi.StdOut 
> 2017-05-11 17:58:17,947 INFO [NiFi logging handler] org.apache.nifi.StdOut    
>         [Krb5LoginModule] authentication failed 
> Identity-Providers config file:
> <provider>
>         <identifier>kerberos-provider</identifier>
>         <class>org.apache.nifi.kerberos.KerberosProvider</class>
>         <property name="Default Realm">MYDOMAIN.COM</property>
>         <property name="Authentication Expiration">12 hours</property>
>     </provider>



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to