Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.0.0
Description
When generating accounts in an Active Directory, it may be useful to add a unique value to CN's. In the past generating this value was done by taking the SHA1 hash of the relevant normalized principal name. For example ambari-qa-c1@EXAMPLE.COM yields d9b48cb1c075d3da9fab4855a4031266bab8fb6a.
Because using SHA1 at all may not be desirable, Ambari should provide options to use the following digest algorithms in the Active Directory account creation attribute template (kerberos-env/ad_create_attributes_template:
Attribute Variables | Example |
---|---|
$principal_digest | SHA1 hash of the $normalized_principal |
$principal_digest_256 | SHA256 hash of the $normalized_principal |
$principal_digest_512 | SHA512 hash of the $normalized_principal |
Attachments
Attachments
Issue Links
- links to