  1. Ambari
  2. AMBARI-15316

Kerberos: Provide SHA256 or SHA512 options for template principal digest


Details

    Description

      When generating accounts in an Active Directory, it may be useful to add a unique value to CNs. In the past, this value was generated by taking the SHA1 hash of the relevant normalized principal name. For example, ambari-qa-c1@EXAMPLE.COM yields d9b48cb1c075d3da9fab4855a4031266bab8fb6a.

      Because using SHA1 at all may not be desirable, Ambari should provide options to use the following digest algorithms in the Active Directory account creation attribute template (kerberos-env/ad_create_attributes_template):

      | Attribute Variables   | Example                                    |
      |-----------------------|--------------------------------------------|
      | $principal_digest     | SHA1 hash of the $normalized_principal     |
      | $principal_digest_256 | SHA256 hash of the $normalized_principal   |
      | $principal_digest_512 | SHA512 hash of the $normalized_principal   |
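
      The following sketch is an added example, not Ambari's code: it derives the three digest variables from a normalized principal and checks whether a CN built from each one fits the 64-character upper bound of the Active Directory cn attribute. It assumes the UTF-8 bytes of the normalized principal are hashed, uses a hypothetical CN template (`${principal_name}-<digest>`), and substitutes variables with a small regex instead of the real template engine.

```python
import hashlib
import re

# Template variable -> hash algorithm, as listed in the issue's table.
DIGEST_VARIABLES = {
    "principal_digest": "sha1",
    "principal_digest_256": "sha256",
    "principal_digest_512": "sha512",
}
AD_CN_MAX = 64  # upper length bound of the cn attribute in the AD schema


def digest_variables(normalized_principal):
    """Hex digest of the normalized principal for each template variable."""
    data = normalized_principal.encode("utf-8")  # assumption: UTF-8 bytes are hashed
    return {var: hashlib.new(alg, data).hexdigest()
            for var, alg in DIGEST_VARIABLES.items()}


def render(template, variables):
    """Substitute $name / ${name}; an unknown variable raises KeyError."""
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))",
                  lambda m: variables[m.group(1) or m.group(2)], template)


def cn_report(principal_name, normalized_principal):
    """Render a CN per digest variable and flag values too long for AD."""
    variables = {"principal_name": principal_name,
                 "normalized_principal": normalized_principal}
    variables.update(digest_variables(normalized_principal))
    report = {}
    for var in DIGEST_VARIABLES:
        # Hypothetical CN template: readable name plus digest suffix.
        cn = render("${principal_name}-${" + var + "}", variables)
        report[var] = (cn, len(cn) <= AD_CN_MAX)
    return report


if __name__ == "__main__":
    # Constructed sample input, using the principal from the description.
    sample = cn_report("ambari-qa-c1", "ambari-qa-c1@EXAMPLE.COM")
    for var, (cn, fits) in sample.items():
        print(f"{var:22} len={len(cn):3} fits_cn={fits} {cn}")
```

      With this template only the SHA1 form stays within 64 characters; a full SHA256 hex digest is already 64 characters and SHA512 is 128, so those variables need truncation or a different target attribute when used in a CN.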

          People

            rlevas Robert Levas