[jira] [Commented] (NIFI-6833) Provide instance qualification of principals in KeytabCredentialsService
[
https://issues.apache.org/jira/browse/NIFI-6833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17014613#comment-17014613
]
Jeff Storck commented on NIFI-6833:
---
Since there's an EL workaround for this (using ${hostname()} or
$hostname(true)} in the principal field depending on the desired result), I'll
remove the fix version of 1.11.0 from the ticket. This can be merged for the
next release.
> Provide instance qualification of principals in KeytabCredentialsService
>
>
> Key: NIFI-6833
> URL: https://issues.apache.org/jira/browse/NIFI-6833
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
>Affects Versions: 1.9.2
>Reporter: Jeff Storck
>Assignee: Jeff Storck
>Priority: Major
> Fix For: 1.11.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> A KeytabCredentialsService should be able to qualify a principal or shortname
> with the instance on which it is running.
> A new property should be added that allows the user to select one of the
> following qualification options:
> * none
> * hostname
> * FQDN
> If NiFi is running on host "nifi.apache.org" and a *KeytabCredentialsService*
> was created with a *Kerberos Principal* property value of "n...@example.com",
> the *KeytabCredentialsService*** should be able return a qualified principal,
> based on the qualification option:
> * none -> "n...@example.com"
> * hostname -> "nifi/n...@example.com"
> * FQDN -> "nifi/nifi.apache@example.com"
> If a shortname is used it should be qualified as the qualification option
> indicates:
> * none -> "nifi"
> * hostname -> "nifi/nifi"
> * FQDN -> "nifi/nifi.apache.org"
> Validation of the *KeytabCredentialsService* should fail if the principal is
> already instance-qualified and "hostname" or "FQDN" is selected for the
> qualification option.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (NIFI-6833) Provide instance qualification of principals in KeytabCredentialsService
[ https://issues.apache.org/jira/browse/NIFI-6833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012322#comment-17012322 ] Jeff Storck commented on NIFI-6833: --- With the release candidate preparation for Apache NiFi 1.11.0 approaching, I'd like to get the PR for this JIRA merged to master. I need another day or two to address the comments on the PR. > Provide instance qualification of principals in KeytabCredentialsService > > > Key: NIFI-6833 > URL: https://issues.apache.org/jira/browse/NIFI-6833 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions >Affects Versions: 1.9.2 >Reporter: Jeff Storck >Assignee: Jeff Storck >Priority: Major > Fix For: 1.11.0 > > Time Spent: 20m > Remaining Estimate: 0h > > A KeytabCredentialsService should be able to qualify a principal or shortname > with the instance on which it is running. > A new property should be added that allows the user to select one of the > following qualification options: > * none > * hostname > * FQDN > If NiFi is running on host "nifi.apache.org" and a *KeytabCredentialsService* > was created with a *Kerberos Principal* property value of "n...@example.com", > the *KeytabCredentialsService*** should be able return a qualified principal, > based on the qualification option: > * none -> "n...@example.com" > * hostname -> "nifi/n...@example.com" > * FQDN -> "nifi/nifi.apache@example.com" > If a shortname is used it should be qualified as the qualification option > indicates: > * none -> "nifi" > * hostname -> "nifi/nifi" > * FQDN -> "nifi/nifi.apache.org" > Validation of the *KeytabCredentialsService* should fail if the principal is > already instance-qualified and "hostname" or "FQDN" is selected for the > qualification option. -- This message was sent by Atlassian Jira (v8.3.4#803005)
