shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Demers (JIRA)" <>
Subject [jira] [Commented] (SHIRO-631) Principal mapping rules similar to Hadoop's auth_to_local
Date Tue, 18 Jul 2017 18:24:00 GMT


Brian Demers commented on SHIRO-631:

[~harisekhon] Can you describe this use case a bit more?  Do you have multiple users logging
in with the same username?  Are you using something like an email address instead of username?

> Principal mapping rules similar to Hadoop's auth_to_local
> ---------------------------------------------------------
>                 Key: SHIRO-631
>                 URL:
>             Project: Shiro
>          Issue Type: New Feature
>          Components: Authentication (log-in), Authorization (access control) , Realms

>         Environment: HDP 2.6 + Kerberos + AD LDAP multi-domain forest
>            Reporter: Hari Sekhon
>            Priority: Blocker
> Feature Request to add principal mapping rules similar to Hadoop's auth_to_local.
> This will allow munging pincipals and rule based remappings to differentiate duplicate
users in multi-domain Active Directory forests where the LDAP results returned from the global
catalog include duplicate usernames which need to be translated with a prefix/suffix in order
to differentiate between domains to prevent users from different domains sharing logins, permissions

This message was sent by Atlassian JIRA

View raw message