You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/01/27 19:56:35 UTC

[jira] [Created] (AMBARI-9359) Remove toLowerCase() from userPrincipalName in default Kerberos principal create template

Robert Levas created AMBARI-9359:
------------------------------------

             Summary: Remove toLowerCase() from userPrincipalName in default Kerberos principal create template
                 Key: AMBARI-9359
                 URL: https://issues.apache.org/jira/browse/AMBARI-9359
             Project: Ambari
          Issue Type: Task
          Components: ambari-server, stacks
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.0.0


Remove toLowerCase() from userPrincipalName in default Kerberos principal create template. This is creating an issue with principals that have upper-cased characters and Active Directory such that when kinit-ing, authenticating fails:

{code:title=kinit -V -k -t /etc/security/keytabs/spnego.service.keytab }
HTTP/c6501.ambari.apache.org
Using default cache: /tmp/krb5cc_0
Using principal: HTTP/c6501.ambari.apache.org@HDP01.LOCAL
Using keytab: /etc/security/keytabs/spnego.service.keytab
kinit: Preauthentication failed while getting initial credentials
{code}

An example of the offending template is as follows:
{code:title=from kerberos-env.xml}
{
  "objectClass": ["top", "person", "organizationalPerson", "user"],
  "cn": "$principal_name",
  #if( $is_service )
  "servicePrincipalName": "$principal_name",
  #end
  "userPrincipalName": "$normalized_principal.toLowerCase()",
  "unicodePwd": "$password",
  "accountExpires": "0",
  "userAccountControl": "66048"
}
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)