[
https://issues.apache.org/jira/browse/NIFI-6833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17014613#comment-17014613
]
Jeff Storck commented on NIFI-6833:
-----------------------------------
Since there's an EL workaround for this (using ${hostname()} or
$hostname(true)} in the principal field depending on the desired result), I'll
remove the fix version of 1.11.0 from the ticket. This can be merged for the
next release.
> Provide instance qualification of principals in KeytabCredentialsService
> ------------------------------------------------------------------------
>
> Key: NIFI-6833
> URL: https://issues.apache.org/jira/browse/NIFI-6833
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.9.2
> Reporter: Jeff Storck
> Assignee: Jeff Storck
> Priority: Major
> Fix For: 1.11.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> A KeytabCredentialsService should be able to qualify a principal or shortname
> with the instance on which it is running.
> A new property should be added that allows the user to select one of the
> following qualification options:
> * none
> * hostname
> * FQDN
> If NiFi is running on host "nifi.apache.org" and a *KeytabCredentialsService*
> was created with a *Kerberos Principal* property value of "[email protected]",
> the *KeytabCredentialsService*** should be able return a qualified principal,
> based on the qualification option:
> * none -> "[email protected]"
> * hostname -> "nifi/[email protected]"
> * FQDN -> "nifi/[email protected]"
> If a shortname is used it should be qualified as the qualification option
> indicates:
> * none -> "nifi"
> * hostname -> "nifi/nifi"
> * FQDN -> "nifi/nifi.apache.org"
> Validation of the *KeytabCredentialsService* should fail if the principal is
> already instance-qualified and "hostname" or "FQDN" is selected for the
> qualification option.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
