You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Bolke de Bruin (JIRA)" <ji...@apache.org> on 2016/02/13 22:53:18 UTC

[jira] [Created] (RANGER-846) Ranger deviates from Hadoop usernames

Bolke de Bruin created RANGER-846:
-------------------------------------

             Summary: Ranger deviates from Hadoop usernames
                 Key: RANGER-846
                 URL: https://issues.apache.org/jira/browse/RANGER-846
             Project: Ranger
          Issue Type: Bug
          Components: admin
    Affects Versions: 0.5.0, 0.5.1, 0.5.2, 0.6.0
         Environment: kerberos non-kerberos
            Reporter: Bolke de Bruin
            Priority: Critical
             Fix For: 0.6.0


Ranger-admin deviates from Hadoop (hadoop-auth) in determining what is a username and implements its own check. If not using hadoop-auth why is this not left to the underlying OS?

This is perfectly fine on the OS and will be per HADOOP-12751 (Before HADOOP-12751 '@' and '/' were not allowed).

[root@hdp-node pam.d]# id bolke@ad.local
UID=1796201107(bolke@ad.local) GID=1796201107(bolke@ad.local) groepen=1796201107(bolke@ad.local),1796200513(domain users@ad.local),1796201108(test@ad.local),1950000004(ad_users)

Not being able to do this creates integration issues when using trusts in active directory domain contexts (ie. the above bolke@ad.local is a user from a trusted domain)





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)