[AMBARI-15316] Kerberos: Provide SHA256 or SHA512 options for template principal digest - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.4.0
Component/s: ambari-server
Labels:

Description

When generating accounts in an Active Directory, it may be useful to add a unique value to CN's. In the past generating this value was done by taking the SHA1 hash of the relevant normalized principal name. For example ambari-qa-c1@EXAMPLE.COM yields d9b48cb1c075d3da9fab4855a4031266bab8fb6a.

Because using SHA1 at all may not be desirable, Ambari should provide options to use the following digest algorithms in the Active Directory account creation attribute template (kerberos-env/ad_create_attributes_template:

Attribute Variables	Example
$principal_digest	SHA1 hash of the $normalized_principal
$principal_digest_256	SHA256 hash of the $normalized_principal
$principal_digest_512	SHA512 hash of the $normalized_principal

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-15316_trunk_01.patch
07/Mar/16 17:49
7 kB
Robert Levas

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Mar/16 13:33

Updated:: 08/Mar/16 19:37

Resolved:: 08/Mar/16 17:45