[jira] [Commented] (NIFI-6224) Default Realm in kerberos-provider is not used

Wed, 24 Apr 2019 11:57:50 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-6224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16825440#comment-16825440
 ] 

ASF subversion and git services commented on NIFI-6224:
-------------------------------------------------------

Commit 0e5a80d23f0432947b4ef05b45ea3571686304ba in nifi's branch 
refs/heads/master from Jeff Storck
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=0e5a80d ]

NIFI-6224 Updated KerberosProvider to use the "Default Realm" property

  Updated usage of deprecated FormatUtils.getTimeDuration to 
FormatUtils.getPreciseTimeDuration
  Implemented prioritized handling of appending the default realm
    A realm-qualified principal will not be modified before authentication
    A principal shortname will have Default Realm appended to it when it is not 
blank before authentication
    A principal shortname will not be modified if Default Realm is blank, and 
the underlying kerberos implementation will append the default_realm configured 
in krb5.conf
In nifi-security-util
  added KerberosPrincipalParser for determining the realm of a kerberos 
principal
  added tests for KerberosPrincipalParser
  updated pom with spock-core as a test dependency

This closes #3446.

Signed-off-by: Kevin Doran <[email protected]>


> Default Realm in kerberos-provider is not used
> ----------------------------------------------
>
>                 Key: NIFI-6224
>                 URL: https://issues.apache.org/jira/browse/NIFI-6224
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.9.2
>            Reporter: Jeff Storck
>            Assignee: Jeff Storck
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The *{{Default Realm}}* property in *{{kerberos-provider}}* is never read or 
> used.  The *{{KerberosProvider}}* implementation should make use of that 
> property in the following prioritized way:
> * A realm-qualified principal will not be modified before authentication
> * A principal shortname will have Default Realm appended to it when it is not 
> blank before authentication
> * A principal shortname will not be modified if Default Realm is blank, and 
> the underlying kerberos implementation will append the default_realm 
> configured in krb5.conf



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to