[
https://issues.apache.org/jira/browse/AMBARI-9261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-9261:
---------------------------------
Attachment: AMBARI-9261_02.patch
> Ensure enable/disable Kerberos logic should invoke only when state of
> security flag is changed
> ----------------------------------------------------------------------------------------------
>
> Key: AMBARI-9261
> URL: https://issues.apache.org/jira/browse/AMBARI-9261
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Blocker
> Labels: kerberos, security
> Fix For: 2.0.0
>
> Attachments: AMBARI-9261_01.patch, AMBARI-9261_02.patch
>
>
> The logic to enable or disable Kerberos is typically invoked when the Cluster
> resource is updated. This occurs for several reasons, not all of them
> indicate the state of Kerberos should be altered.
> By processing all updated to the Cluster resource, the enable/disable
> Kerberos may get invoked when not necessary causing _noise_ on the task list
> and potentially generating an error condition if the KDC administrator
> credentials are not available. Certain states of the system will trigger the
> enable/disable Kerberos logic to perform tasks requiring the KDC
> administrator credentials. If not explicitly handing the security state
> change, this behavior is not desired.
> To solve the issue, test the request on the update Cluster resource to see if
> the security state property (cluster-env/security_enabled) has been altered,
> if so invoke enable/disable Kerberos logic; else do not invoke enable/disable
> Kerberos logic.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
