You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "rangerqa (JIRA)" <ji...@apache.org> on 2016/04/14 18:05:25 UTC

[jira] [Commented] (RANGER-846) Ranger deviates from Hadoop usernames

    [ https://issues.apache.org/jira/browse/RANGER-846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15241416#comment-15241416 ] 

rangerqa commented on RANGER-846:
---------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment
  http://issues.apache.org/jira/secure/attachment/12798754/RANGER-846.patch
  against master revision 634e8d4.

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 javadoc{color}.  There were no new javadoc warning messages.

    +1 checkstyle.  The patch generated 0 code style errors.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new Findbugs (version 2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: https://builds.apache.org/job/PreCommit-RANGER-Build/160//testReport/
Console output: https://builds.apache.org/job/PreCommit-RANGER-Build/160//console

This message is automatically generated.

> Ranger deviates from Hadoop usernames
> -------------------------------------
>
>                 Key: RANGER-846
>                 URL: https://issues.apache.org/jira/browse/RANGER-846
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 0.5.0, 0.5.1, 0.5.2, 0.6.0
>         Environment: kerberos non-kerberos
>            Reporter: Bolke de Bruin
>            Assignee: Mehul Parikh
>            Priority: Critical
>              Labels: admin-interface, kerberos, user
>             Fix For: 0.6.0
>
>         Attachments: RANGER-846.patch
>
>
> Ranger-admin deviates from Hadoop (hadoop-auth) in determining what is a username and implements its own check. If not using hadoop-auth why is this not left to the underlying OS?
> This is perfectly fine on the OS and will be per HADOOP-12751 (Before HADOOP-12751 '@' and '/' were not allowed).
> [root@hdp-node pam.d]# id bolke@ad.local
> UID=1796201107(bolke@ad.local) GID=1796201107(bolke@ad.local) groepen=1796201107(bolke@ad.local),1796200513(domain users@ad.local),1796201108(test@ad.local),1950000004(ad_users)
> Not being able to do this creates integration issues when using trusts in active directory domain contexts (ie. the above bolke@ad.local is a user from a trusted domain)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)