Jeff Storck created NIFI-6833: --------------------------------- Summary: Provide FQDN qualification of principals in KeytabCredentialsService Key: NIFI-6833 URL: https://issues.apache.org/jira/browse/NIFI-6833 Project: Apache NiFi Issue Type: Improvement Components: Extensions Affects Versions: 1.9.2 Reporter: Jeff Storck Assignee: Jeff Storck Fix For: 1.11.0
A KeytabCredentialsService should be able to qualify a principal or shortname with the instance on which it is running. A new property should be added that allows the user to select one of the following qualification options: * none * hostname * FQDN If NiFi is running on host "nifi.apache.org" and a *KeytabCredentialsService* was created with a *Kerberos Principal* property value of "n...@example.com", the *KeytabCredentialsService*** should be able return a qualified principal, based on the qualification option: * none -> "n...@example.com" * hostname -> "nifi/n...@example.com" * FQDN -> "nifi/nifi.apache....@example.com" If a shortname is used it should be qualified as the qualification option indicates: * none -> "nifi" * hostname -> "nifi/nifi" * FQDN -> "nifi/nifi.apache.org" Validation of the *KeytabCredentialsService* should fail if the principal is already instance-qualified and "hostname" or "FQDN" is selected for the qualification option. -- This message was sent by Atlassian Jira (v8.3.4#803005)