This is an automated email from the ASF dual-hosted git repository.

sekikn pushed a commit to branch branch-3.2
in repository https://gitbox.apache.org/repos/asf/bigtop.git


The following commit(s) were added to refs/heads/branch-3.2 by this push:
     new 08a482bfb BIGTOP-3901. Fix failure of Kerberos deployment on Rocky 
Linux 8 and Ubuntu 22.04. (#1081)
08a482bfb is described below

commit 08a482bfbb9c04840beffc3ed3a4bc4d37326bdc
Author: Masatake Iwasaki <[email protected]>
AuthorDate: Tue Jan 24 11:26:53 2023 +0900

    BIGTOP-3901. Fix failure of Kerberos deployment on Rocky Linux 8 and Ubuntu 
22.04. (#1081)
    
    (cherry picked from commit 4060af80cdc032bc2e3fb18720dc9fd6722bc21e)
---
 bigtop-deploy/puppet/modules/kerberos/manifests/init.pp   | 4 ++--
 bigtop-deploy/puppet/modules/kerberos/templates/kdc.conf  | 5 ++---
 bigtop-deploy/puppet/modules/kerberos/templates/krb5.conf | 4 +---
 3 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/bigtop-deploy/puppet/modules/kerberos/manifests/init.pp 
b/bigtop-deploy/puppet/modules/kerberos/manifests/init.pp
index d6642bdd4..e5b05a00d 100644
--- a/bigtop-deploy/puppet/modules/kerberos/manifests/init.pp
+++ b/bigtop-deploy/puppet/modules/kerberos/manifests/init.pp
@@ -68,7 +68,7 @@ class kerberos {
     }
 
     # Required for SPNEGO
-    @principal { "HTTP": 
+    @kerberos::principal { "HTTP":
 
     }
   }
@@ -111,7 +111,7 @@ class kerberos {
       subscribe => File["${kdc_etc_path}/kdc.conf"],
       # refreshonly => true, 
 
-      require => [Package["$package_name_kdc"], 
File["${kdc_etc_path}/kdc.conf"], File["/etc/krb5.conf"]],
+      require => [Package["$package_name_kdc"], 
Package["$package_name_admin"], File["${kdc_etc_path}/kdc.conf"], 
File["/etc/krb5.conf"]],
     }
 
     service { $service_name_kdc:
diff --git a/bigtop-deploy/puppet/modules/kerberos/templates/kdc.conf 
b/bigtop-deploy/puppet/modules/kerberos/templates/kdc.conf
index 906af60aa..aa052c557 100644
--- a/bigtop-deploy/puppet/modules/kerberos/templates/kdc.conf
+++ b/bigtop-deploy/puppet/modules/kerberos/templates/kdc.conf
@@ -28,8 +28,7 @@ default_realm = <%= @realm %>
         key_stash_file = <%= @kdc_etc_path %>/stash
         max_life = 10h 0m 0s
         max_renewable_life = 7d 0h 0m 0s
-        master_key_type = des3-hmac-sha1
-        supported_enctypes = arcfour-hmac:normal des3-hmac-sha1:normal 
des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
-#        supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal 
des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 
des-cbc-crc:afs3
+        master_key_type = aes256-cts
+        supported_enctypes = aes256-cts:normal aes128-cts:normal 
arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal
         # default_principal_flags = -preauth
     }
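Review bot: `arcfour-hmac:normal` is still in the new `supported_enctypes` line, so the KDC keeps generating RC4-HMAC keys for every principal it creates, and the krb5.conf hunk below keeps the matching `arcfour-hmac-md5` in `permitted_enctypes`. RC4-HMAC is deprecated by RFC 8429 and its key is an unsalted hash of the password, so it is the weakest enctype left once DES and 3DES are removed. Unless a client in the deployment is known to need it, I would drop it from both templates, e.g. `supported_enctypes = aes256-cts:normal aes128-cts:normal camellia256-cts:normal camellia128-cts:normal`. If it has to stay for compatibility, add a comment such as `# arcfour-hmac kept for <client>; remove once it supports AES`. The realm block this setting lives in starts above the hunk, so other enctype-related options there are not visible here.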
diff --git a/bigtop-deploy/puppet/modules/kerberos/templates/krb5.conf 
b/bigtop-deploy/puppet/modules/kerberos/templates/krb5.conf
index 10c06c751..3e38120c8 100644
--- a/bigtop-deploy/puppet/modules/kerberos/templates/krb5.conf
+++ b/bigtop-deploy/puppet/modules/kerberos/templates/krb5.conf
@@ -20,9 +20,7 @@
     ticket_lifetime = 24h
     forwardable = true
     udp_preference_limit = 1000000
-    default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
-    default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
-    permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
+    permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 
aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 arcfour-hmac-md5 
camellia256-cts-cmac camellia128-cts-cmac
 
 [realms]
     <%= @realm %> = {
