[jira] [Updated] (NIFI-6224) Default Realm in kerberos-provider is not used

Fri, 19 Apr 2019 14:50:03 -0700 


     [ 
https://issues.apache.org/jira/browse/NIFI-6224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jeff Storck updated NIFI-6224:
------------------------------
    Description: 
The *{{Default Realm}}* property in *{{kerberos-provider}}* is never read or 
used.  The *{{KerberosProvider}}* implementation should make use of that 
property in the following prioritized way:
* A realm-qualified principal will not be modified before authentication
* A principal shortname will have Default Realm appended to it when it is not 
blank before authentication
* A principal shortname will not be modified if Default Realm is blank, and the 
underlying kerberos implementation will append the default_realm configured in 
krb5.conf

  was:
The {color:red}{{Default Realm}}{color} property in 
{color:red}{{kerberos-provider}}{color} is never read or used.  The 
{color:red}{{KerberosProvider}}{color} implementation should make use of that 
property in the following prioritized way:
* A realm-qualified principal will not be modified before authentication
* A principal shortname will have Default Realm appended to it when it is not 
blank before authentication
* A principal shortname will not be modified if Default Realm is blank, and the 
underlying kerberos implementation will append the default_realm configured in 
krb5.conf


> Default Realm in kerberos-provider is not used
> ----------------------------------------------
>
>                 Key: NIFI-6224
>                 URL: https://issues.apache.org/jira/browse/NIFI-6224
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.9.2
>            Reporter: Jeff Storck
>            Assignee: Jeff Storck
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The *{{Default Realm}}* property in *{{kerberos-provider}}* is never read or 
> used.  The *{{KerberosProvider}}* implementation should make use of that 
> property in the following prioritized way:
> * A realm-qualified principal will not be modified before authentication
> * A principal shortname will have Default Realm appended to it when it is not 
> blank before authentication
> * A principal shortname will not be modified if Default Realm is blank, and 
> the underlying kerberos implementation will append the default_realm 
> configured in krb5.conf



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to