Robert Levas created AMBARI-16023:
-------------------------------------
Summary: Auth-to-local rule generation duplicates default rules
when adding case-insensitive default rules
Key: AMBARI-16023
URL: https://issues.apache.org/jira/browse/AMBARI-16023
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.2.0
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 2.4.0
When re-generating auth-to-local rules where existing rules are already set,
the default (or fallback) rule for the default and additional realms is
duplicated but the extra instance(s) have the case-insensitive flag:
Example:
{noformat:title=Was}
...
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
...
{noformat}
{noformat:title=Becomes}
...
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L
...
{noformat}
*Steps to Reproduce*
# Create cluster with (at least) HDFS
# Enable Kerberos (do not check the box next to "Enable case insensitive
username rules"; kerberos-env/case_insensitive_username_rules should be false
# Edit Kerberos configuration and check "Enable case insensitive username
rules" to set kerberos-env/case_insensitive_username_rules to true
# Regenerate Keytabs
# See duplicate entry in HDFS configs (core-site/hadoop.security.auth_to_local)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
