You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Jeff Storck (Jira)" <ji...@apache.org> on 2020/01/13 19:53:00 UTC
[jira] [Updated] (NIFI-6833) Provide instance qualification of
principals in KeytabCredentialsService
[ https://issues.apache.org/jira/browse/NIFI-6833?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Storck updated NIFI-6833:
------------------------------
Fix Version/s: (was: 1.11.0)
> Provide instance qualification of principals in KeytabCredentialsService
> ------------------------------------------------------------------------
>
> Key: NIFI-6833
> URL: https://issues.apache.org/jira/browse/NIFI-6833
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.9.2
> Reporter: Jeff Storck
> Assignee: Jeff Storck
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> A KeytabCredentialsService should be able to qualify a principal or shortname with the instance on which it is running.
> A new property should be added that allows the user to select one of the following qualification options:
> * none
> * hostname
> * FQDN
> If NiFi is running on host "nifi.apache.org" and a *KeytabCredentialsService* was created with a *Kerberos Principal* property value of "nifi@EXAMPLE.COM", the *KeytabCredentialsService*** should be able return a qualified principal, based on the qualification option:
> * none -> "nifi@EXAMPLE.COM"
> * hostname -> "nifi/nifi@EXAMPLE.COM"
> * FQDN -> "nifi/nifi.apache.org@EXAMPLE.COM"
> If a shortname is used it should be qualified as the qualification option indicates:
> * none -> "nifi"
> * hostname -> "nifi/nifi"
> * FQDN -> "nifi/nifi.apache.org"
> Validation of the *KeytabCredentialsService* should fail if the principal is already instance-qualified and "hostname" or "FQDN" is selected for the qualification option.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)