Status

Current state"Accepted"

Discussion thread: here 

JIRA: here

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

KIP-203 implemented support to convert Kerberos principal name to lower case Linux user name via auth_to_local rules.
As a follow-up, KafkaShortnamer can be further extended to allow converting principal names to uppercase by appending /U to the rule.

One use-case is given here:  Unable to render Jira issues macro, execution error.

Proposed Changes

We propose to extend "sasl.kerberos.principal.to.local.rules"  config rule format/syntax by supporting an optional  "/U" (toUpperCase) at the end of the rule. Since usernames are locale insensitive strings, we propose to use Locale.ENGLISH for the case conversion

 For example, given the rules

"RULE:[2:$1@$0](JOE-QA-.*@EXAMPLE.COM)s/.*/joe-qa//U",
"RULE:[2:$1@$0](joe-qa-.*@EXAMPLE.COM)s/.*/joe-qa//U",
"RULE:[2:$1@$0](.*@EXAMPLE.COM)s/@.*///U"
If the source string is JOE-QA-cl1/host@EXAMPLE.COM, the result will be JOE-QA
If the source string is joe-qa-cl1/host@EXAMPLE.COM, the result will be JOE-QA
If the source string is joe_user/host@EXAMPLE.COM, the result will be JOE-USER
If the source string is JOE_user/host@EXAMPLE.COM, the result will be JOE-USER


Compatibility, Deprecation, and Migration Plan

  • This is an extension to the existing sasl.kerberos.principal.to.local.rules format and there will be no impact on existing users.

Rejected Alternatives


  • No labels