You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/01/27 19:56:35 UTC
[jira] [Created] (AMBARI-9359) Remove toLowerCase() from
userPrincipalName in default Kerberos principal create template
Robert Levas created AMBARI-9359:
------------------------------------
Summary: Remove toLowerCase() from userPrincipalName in default Kerberos principal create template
Key: AMBARI-9359
URL: https://issues.apache.org/jira/browse/AMBARI-9359
Project: Ambari
Issue Type: Task
Components: ambari-server, stacks
Affects Versions: 2.0.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.0.0
Remove toLowerCase() from userPrincipalName in default Kerberos principal create template. This is creating an issue with principals that have upper-cased characters and Active Directory such that when kinit-ing, authenticating fails:
{code:title=kinit -V -k -t /etc/security/keytabs/spnego.service.keytab }
HTTP/c6501.ambari.apache.org
Using default cache: /tmp/krb5cc_0
Using principal: HTTP/c6501.ambari.apache.org@HDP01.LOCAL
Using keytab: /etc/security/keytabs/spnego.service.keytab
kinit: Preauthentication failed while getting initial credentials
{code}
An example of the offending template is as follows:
{code:title=from kerberos-env.xml}
{
"objectClass": ["top", "person", "organizationalPerson", "user"],
"cn": "$principal_name",
#if( $is_service )
"servicePrincipalName": "$principal_name",
#end
"userPrincipalName": "$normalized_principal.toLowerCase()",
"unicodePwd": "$password",
"accountExpires": "0",
"userAccountControl": "66048"
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)