[
https://issues.apache.org/jira/browse/AMBARI-8976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-8976:
---------------------------------
Attachment: AMBARI-8976_02.patch
> Use cluster property rather than cluster-env/security_enabled to enable or
> disable Kerberos
> -------------------------------------------------------------------------------------------
>
> Key: AMBARI-8976
> URL: https://issues.apache.org/jira/browse/AMBARI-8976
> Project: Ambari
> Issue Type: Task
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Blocker
> Labels: kerberos
> Fix For: 2.0.0
>
> Attachments: AMBARI-8976_01.patch, AMBARI-8976_02.patch
>
>
> Use a cluster property rather than {{cluster-env/security_enabled}} to enable
> or disable Kerberos. Since {{cluster-env/security_enabled}} is used by
> services to determine if Kerberos is enabled or not, it should not be set
> before completing the process of enabling or disabling Kerberos. To declare
> whether the cluster enable or disable Kerberos, a property on the cluster
> should be set. The property should be called {{security_type}} and must have
> one of the following values:
> * NONE
> * KERBEROS
> By using {{cluster-env/security_enabled}}, the configuration property gets
> set to "true" before Kerberos is filly enabled. This is causing issues with
> stopping services so that the updated Kerberos-related configurations can be
> set.
> Example API call to enable Kerberos
> {code:title=PUT /api/v1/clusters/c1}
> {
> "Clusters" : {
> "security_type" : "KERBEROS"
> }
> }
> {code}
> Example API call to disable Kerberos
> {code:title=PUT /api/v1/clusters/c1}
> {
> "Clusters" : {
> "security_type" : "NONE"
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
