[ https://issues.apache.org/jira/browse/HADOOP-10556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13992793#comment-13992793 ]
Hudson commented on HADOOP-10556: --------------------------------- FAILURE: Integrated in Hadoop-Hdfs-trunk #1751 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1751/]) HADOOP-10556. [FIXING JIRA NUMBER TYPO] Add toLowerCase support to auth_to_local rules for service name. (tucu) (tucu: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1593107) * /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt > Add toLowerCase support to auth_to_local rules for service name > --------------------------------------------------------------- > > Key: HADOOP-10556 > URL: https://issues.apache.org/jira/browse/HADOOP-10556 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 2.4.0 > Reporter: Alejandro Abdelnur > Assignee: Alejandro Abdelnur > Fix For: 2.5.0 > > Attachments: HADOOP-10556.patch, HADOOP-10556.patch > > > When using Vintela to integrate Linux with AD, principals are lowercased. If > the accounts in AD have uppercase characters (ie FooBar) the Kerberos > principals have also uppercase characters (ie FooBar/<HOST>). Because of > this, when a service (Yarn/HDFS) extracts the service name from the Kerberos > principal (FooBar) and uses it for obtain groups the user is not found > because via Linux the user FooBar is unknown, it has been converted to foobar. -- This message was sent by Atlassian JIRA (v6.2#6252)