(ambari) branch trunk updated: AMBARI-26277:fix kerberos encryption error (#3926)

Mon, 13 Jan 2025 23:38:21 -0800 

This is an automated email from the ASF dual-hosted git repository.

jialiang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 191300255e AMBARI-26277:fix kerberos encryption error (#3926)
191300255e is described below

commit 191300255ebfb6c77f7a797042d11ed7971dd996
Author: tongxiaojun <[email protected]>
AuthorDate: Tue Jan 14 15:38:10 2025 +0800

    AMBARI-26277:fix kerberos encryption error (#3926)
---
 .../BIGTOP/3.2.0/services/KERBEROS/configuration/kerberos-env.xml     | 2 +-
 .../stacks/BIGTOP/3.2.0/services/KERBEROS/properties/krb5_conf.j2     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git 
a/ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/KERBEROS/configuration/kerberos-env.xml
 
b/ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/KERBEROS/configuration/kerberos-env.xml
index d00e59790a..d00423ce61 100644
--- 
a/ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/KERBEROS/configuration/kerberos-env.xml
+++ 
b/ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/KERBEROS/configuration/kerberos-env.xml
@@ -126,7 +126,7 @@
     <description>
       The supported list of session key encryption types that should be 
returned by the KDC.
     </description>
-    <value>aes des3-cbc-sha1 rc4 des-cbc-md5</value>
+    <value>aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96</value>
     <value-attributes>
       <type>multiLine</type>
       <overridable>false</overridable>
diff --git 
a/ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/KERBEROS/properties/krb5_conf.j2
 
b/ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/KERBEROS/properties/krb5_conf.j2
index 574147f027..2526046d36 100644
--- 
a/ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/KERBEROS/properties/krb5_conf.j2
+++ 
b/ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/services/KERBEROS/properties/krb5_conf.j2
@@ -23,8 +23,8 @@
   dns_lookup_realm = false
   dns_lookup_kdc = false
   default_ccache_name = /tmp/krb5cc_%{uid}
-  #default_tgs_enctypes = {{encryption_types}}
-  #default_tkt_enctypes = {{encryption_types}}
+  default_tgs_enctypes = {{encryption_types}}
+  default_tkt_enctypes = {{encryption_types}}
   {%- if force_tcp %}
   udp_preference_limit = 1
   {%- endif -%}


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to