[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ravi Prakash updated HADOOP-14229: -- Resolution: Fixed Fix Version/s: 3.0.0-beta1 Status: Resolved (was: Patch Available) Committed to trunk. > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor > Fix For: 3.0.0-beta1 > > Attachments: HADOOP-14229.01.patch, HADOOP-14229.02.patch, > HADOOP-14229.03.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Attachment: HADOOP-14229.03.patch Reattach last patch to kick [~hadoopqa] > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor > Attachments: HADOOP-14229.01.patch, HADOOP-14229.02.patch, > HADOOP-14229.03.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Attachment: (was: HADOOP-14229.03.patch) > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor > Attachments: HADOOP-14229.01.patch, HADOOP-14229.02.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Attachment: HADOOP-14229.03.patch [~aw], That is true. Skipping FQDN causes super *group* access between clusters (in the same realm). I think here we are not intended to provide a production ready mapping it should just be an example showing what is the basic syntax. Anyway, your comment made me feel I should provide a bit more complex (but not too complex) example to show the syntax of auth_to_local rules. [^HADOOP-14229.03.patch] > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor > Attachments: HADOOP-14229.01.patch, HADOOP-14229.02.patch, > HADOOP-14229.03.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Priority: Major (was: Trivial) > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor > Attachments: HADOOP-14229.01.patch, HADOOP-14229.02.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Target Version/s: 3.0.0-alpha3 > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor >Priority: Trivial > Attachments: HADOOP-14229.01.patch, HADOOP-14229.02.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Attachment: HADOOP-14229.02.patch Patch 02: Make it more compact Test results: {code}hadoop-3.0.0-alpha2/bin/hadoop kerbname {nn,dn,jn,rm,nm,jhs}/host.dom...@realm.tld Name: nn/host.dom...@realm.tld to hdfs Name: dn/host.dom...@realm.tld to hdfs Name: jn/host.dom...@realm.tld to hdfs Name: rm/host.dom...@realm.tld to yarn Name: nm/host.dom...@realm.tld to yarn Name: jhs/host.dom...@realm.tld to mapred{code} > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor >Priority: Trivial > Attachments: HADOOP-14229.01.patch, HADOOP-14229.02.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Description: Let's see jhs as example: {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} That means principal has 2 components (jhs/myhost@REALM). The second column converts this to jhs@REALM. So the regex will not match on this since regex expects / in the principal. My suggestion is {code}RULE:[2:$1](jhs)s/.*/mapred/{code} https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html was: Let's see jhs as example: {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} That means principal has 2 components (jhs/myhost@REALM). The second column converts this to jhs@REALM. So the regex will not match on this since regex expects / in the principal. My suggestion is {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor >Priority: Trivial > Attachments: HADOOP-14229.01.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} > https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/SecureMode.html -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Attachment: HADOOP-14229.01.patch > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor >Priority: Trivial > Attachments: HADOOP-14229.01.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Status: Patch Available (was: Open) [~arpiagariu], Could you please check my patch? > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor >Priority: Trivial > Attachments: HADOOP-14229.01.patch > > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14229) hadoop.security.auth_to_local example is incorrect in the documentation
[ https://issues.apache.org/jira/browse/HADOOP-14229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Andras Bokor updated HADOOP-14229: -- Description: Let's see jhs as example: {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} That means principal has 2 components (jhs/myhost@REALM). The second column converts this to jhs@REALM. So the regex will not match on this since regex expects / in the principal. My suggestion is {code}RULE:[2:$1](jhs)s/.*/mapred/{code} was: Let's see jhs as example: {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} That means principal has 2 components (jhs/myhost@REALM). The second column converts this to jhs@REALM. So the regex will not match on this since regex expects / in the principal. I am not sure what was the original intend here so I suggest two solutions: {code}RULE:[2:$1/$2@$0](jhs/.*@REALM.TLD)s/.*/mapred/{code} or {code}RULE:[2:$1@$0](j...@realm.tld)s/.*/mapred/{code} > hadoop.security.auth_to_local example is incorrect in the documentation > --- > > Key: HADOOP-14229 > URL: https://issues.apache.org/jira/browse/HADOOP-14229 > Project: Hadoop Common > Issue Type: Bug >Reporter: Andras Bokor >Assignee: Andras Bokor >Priority: Trivial > > Let's see jhs as example: > {code}RULE:[2:$1@$0](jhs/.*@.*REALM.TLD)s/.*/mapred/{code} > That means principal has 2 components (jhs/myhost@REALM). > The second column converts this to jhs@REALM. So the regex will not match on > this since regex expects / in the principal. > My suggestion is > {code}RULE:[2:$1](jhs)s/.*/mapred/{code} -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org