nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Storck (Jira)" <>
Subject [jira] [Created] (NIFI-6833) Provide FQDN qualification of principals in KeytabCredentialsService
Date Fri, 01 Nov 2019 21:44:00 GMT
Jeff Storck created NIFI-6833:

             Summary: Provide FQDN qualification of principals in KeytabCredentialsService
                 Key: NIFI-6833
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Extensions
    Affects Versions: 1.9.2
            Reporter: Jeff Storck
            Assignee: Jeff Storck
             Fix For: 1.11.0

A KeytabCredentialsService should be able to qualify a principal or shortname with the instance
on which it is running.

A new property should be added that allows the user to select one of the following qualification
 * none
 * hostname

If NiFi is running on host "" and a *KeytabCredentialsService* was created
with a *Kerberos Principal* property value of "nifi@EXAMPLE.COM", the *KeytabCredentialsService***
should be able return a qualified principal, based on the qualification option:
 * none -> "nifi@EXAMPLE.COM"
 * hostname -> "nifi/nifi@EXAMPLE.COM"
 * FQDN -> "nifi/"

If a shortname is used it should be qualified as the qualification option indicates:
 * none -> "nifi"
 * hostname -> "nifi/nifi"
 * FQDN -> "nifi/"

Validation of the *KeytabCredentialsService* should fail if the principal is already instance-qualified
and "hostname" or "FQDN" is selected for the qualification option.

This message was sent by Atlassian Jira

View raw message