Robert Levas created AMBARI-9170:
------------------------------------
Summary: Principal creation for Active Directory accounts should
be configurable
Key: AMBARI-9170
URL: https://issues.apache.org/jira/browse/AMBARI-9170
Project: Ambari
Issue Type: Improvement
Components: ambari-server
Affects Versions: 2.0.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.0.0
The properties used to create accounts in an Active Directory, related to
principal creation, should be configurable such that a user may specify the
required fields and their values (with variable replacement).
This may be done using a simple structure like XML or JSON, however a template
facility (like Jinja2) may be more useful since conditional paths may be built
in. The template should be stored in the {{kerberos-env}} configuration.
An example of a need for a conditional path in a template is related to
_service_ accounts vs _user_ accounts. A _service_ account (such as
nn/\_HOST@REALM) should have the {{servicePrincipalName}} field set to the
service's principal, where this value shouldn't be set for a _user_ account
(such as hdfs@REALM).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
