hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10556) Add toLowerCase support to auth_to_local rules for service name
Date Sat, 10 May 2014 22:10:23 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13992793#comment-13992793
] 

Hudson commented on HADOOP-10556:
---------------------------------

FAILURE: Integrated in Hadoop-Hdfs-trunk #1751 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1751/])
HADOOP-10556. [FIXING JIRA NUMBER TYPO] Add toLowerCase support to auth_to_local rules for
service name. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593107)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt


> Add toLowerCase support to auth_to_local rules for service name
> ---------------------------------------------------------------
>
>                 Key: HADOOP-10556
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10556
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.4.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>             Fix For: 2.5.0
>
>         Attachments: HADOOP-10556.patch, HADOOP-10556.patch
>
>
> When using Vintela to integrate Linux with AD, principals are lowercased. If the accounts
in AD have uppercase characters (ie FooBar) the Kerberos principals have also uppercase characters
(ie FooBar/<HOST>). Because of this, when a service (Yarn/HDFS) extracts the service
name from the Kerberos principal (FooBar) and uses it for obtain groups the user is not found
because via Linux the user FooBar is unknown, it has been converted to foobar.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message