Hari Sekhon created AMBARI-8112:
-----------------------------------
Summary: kerberos_setup.sh replaces /etc/krb5.conf, defaulting
back to EXAMPLE.COM which causes failure
Key: AMBARI-8112
URL: https://issues.apache.org/jira/browse/AMBARI-8112
Project: Ambari
Issue Type: Bug
Affects Versions: 1.7.0
Environment: HDP 2.2
Reporter: Hari Sekhon
Priority: Minor
If you've already set up and initialized your MIT KDC with realm and it's
database (preferably via automation), you'll find kerberos_setup.sh replaces
/etc/krb5.conf from /var/lib/ambari-server/resources/scripts/krb5.conf, which
resets the config file back to it's default with realm EXAMPLE.COM, causing
failures to create principals and export their keytabs:
{code}
Authenticating as principal root/[email protected] with password.
kadmin.local: Can not fetch master key (error: No such file or directory).
while initializing kadmin.local interface
...
<repeated a few dozen times>
...
cp: cannot stat `/root/tmp_keytabs/smokeuser.headless.keytab': No such file or
directory
...
<repeated a few dozen times>
...
chown: cannot access
`/root/keytabs_host.domain.com/etc/security/keytabs/smokeuser.headless.keytab':
No such file or directory
...
<repeated a few dozen times>
...
{code}
I've worked around this by just copying /etc/krb5.conf over
/var/lib/ambari-server/resources/scripts/krb5.conf rather than editing the
script to overwrite it.
Still, it should be possible to check if the config is non-default or the krb
db has been initialized and not overwrite /etc/krb5.conf.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
