[
https://issues.apache.org/jira/browse/AMBARI-7780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14171877#comment-14171877
]
Hudson commented on AMBARI-7780:
--------------------------------
SUCCESS: Integrated in Ambari-trunk-Commit #584 (See
[https://builds.apache.org/job/Ambari-trunk-Commit/584/])
AMBARI-7780. Storm UI server should have the same default keytab value as of
other components for spnego principal. (jaimin) (jaimin:
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=4b63b0958d56aa15116e67f412bdd66a61dd451c)
* ambari-web/app/data/HDP2/secure_properties.js
> Storm UI server should have the same default keytab value as of other
> components for spnego principal
> -----------------------------------------------------------------------------------------------------
>
> Key: AMBARI-7780
> URL: https://issues.apache.org/jira/browse/AMBARI-7780
> Project: Ambari
> Issue Type: Bug
> Components: ambari-web
> Affects Versions: 1.7.0
> Reporter: Jaimin D Jetly
> Assignee: Jaimin D Jetly
> Priority: Critical
> Fix For: 1.7.0
>
> Attachments: AMBARI-7780.patch, AMBARI-7780_branch-1.7.0.patch
>
>
> The problem will occur when there are two different keytabs containing same
> principal on a host. In this scenario only one principal will be considered
> to be valid. (The reason is due to different kvno of the principal in both
> keytabs while using --randkey option to add principal to keytab)
> For example if Namenode host and Storm UI Server are co-hosted.
> spnego.service.keytab will have principal HTTP/[email protected] which
> will be used by NameNode web UI.
> Storm UI daemon will also try to authenticate with the same principal but
> from a different keytab path and with different kvno.
> In this scenario the keytab that was created last with the principal will
> hold valid principal and the other daemon will fail to authenticate with
> kerberos authentication error.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
