nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Storck (Jira)" <j...@apache.org>
Subject [jira] [Created] (NIFI-6833) Provide FQDN qualification of principals in KeytabCredentialsService
Date Fri, 01 Nov 2019 21:44:00 GMT
Jeff Storck created NIFI-6833:
---------------------------------

             Summary: Provide FQDN qualification of principals in KeytabCredentialsService
                 Key: NIFI-6833
                 URL: https://issues.apache.org/jira/browse/NIFI-6833
             Project: Apache NiFi
          Issue Type: Improvement
          Components: Extensions
    Affects Versions: 1.9.2
            Reporter: Jeff Storck
            Assignee: Jeff Storck
             Fix For: 1.11.0


A KeytabCredentialsService should be able to qualify a principal or shortname with the instance
on which it is running.

A new property should be added that allows the user to select one of the following qualification
options:
 * none
 * hostname
 * FQDN

If NiFi is running on host "nifi.apache.org" and a *KeytabCredentialsService* was created
with a *Kerberos Principal* property value of "nifi@EXAMPLE.COM", the *KeytabCredentialsService***
should be able return a qualified principal, based on the qualification option:
 * none -> "nifi@EXAMPLE.COM"
 * hostname -> "nifi/nifi@EXAMPLE.COM"
 * FQDN -> "nifi/nifi.apache.org@EXAMPLE.COM"

If a shortname is used it should be qualified as the qualification option indicates:
 * none -> "nifi"
 * hostname -> "nifi/nifi"
 * FQDN -> "nifi/nifi.apache.org"

Validation of the *KeytabCredentialsService* should fail if the principal is already instance-qualified
and "hostname" or "FQDN" is selected for the qualification option.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message