ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bolke de Bruin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-846) Ranger deviates from Hadoop usernames
Date Sat, 13 Feb 2016 21:54:18 GMT

    [ https://issues.apache.org/jira/browse/RANGER-846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15146216#comment-15146216
] 

Bolke de Bruin commented on RANGER-846:
---------------------------------------

See also RANGER-833

> Ranger deviates from Hadoop usernames
> -------------------------------------
>
>                 Key: RANGER-846
>                 URL: https://issues.apache.org/jira/browse/RANGER-846
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin
>    Affects Versions: 0.5.0, 0.5.1, 0.5.2, 0.6.0
>         Environment: kerberos non-kerberos
>            Reporter: Bolke de Bruin
>            Priority: Critical
>              Labels: admin-interface, kerberos, user
>             Fix For: 0.6.0
>
>
> Ranger-admin deviates from Hadoop (hadoop-auth) in determining what is a username and
implements its own check. If not using hadoop-auth why is this not left to the underlying
OS?
> This is perfectly fine on the OS and will be per HADOOP-12751 (Before HADOOP-12751 '@'
and '/' were not allowed).
> [root@hdp-node pam.d]# id bolke@ad.local
> UID=1796201107(bolke@ad.local) GID=1796201107(bolke@ad.local) groepen=1796201107(bolke@ad.local),1796200513(domain
users@ad.local),1796201108(test@ad.local),1950000004(ad_users)
> Not being able to do this creates integration issues when using trusts in active directory
domain contexts (ie. the above bolke@ad.local is a user from a trusted domain)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message