Jeff Storck created NIFI-6833:
---------------------------------
Summary: Provide FQDN qualification of principals in
KeytabCredentialsService
Key: NIFI-6833
URL: https://issues.apache.org/jira/browse/NIFI-6833
Project: Apache NiFi
Issue Type: Improvement
Components: Extensions
Affects Versions: 1.9.2
Reporter: Jeff Storck
Assignee: Jeff Storck
Fix For: 1.11.0
A KeytabCredentialsService should be able to qualify a principal or shortname
with the instance on which it is running.
A new property should be added that allows the user to select one of the
following qualification options:
* none
* hostname
* FQDN
If NiFi is running on host "nifi.apache.org" and a *KeytabCredentialsService*
was created with a *Kerberos Principal* property value of "n...@example.com",
the *KeytabCredentialsService*** should be able return a qualified principal,
based on the qualification option:
* none -> "n...@example.com"
* hostname -> "nifi/n...@example.com"
* FQDN -> "nifi/nifi.apache....@example.com"
If a shortname is used it should be qualified as the qualification option
indicates:
* none -> "nifi"
* hostname -> "nifi/nifi"
* FQDN -> "nifi/nifi.apache.org"
Validation of the *KeytabCredentialsService* should fail if the principal is
already instance-qualified and "hostname" or "FQDN" is selected for the
qualification option.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
