[
https://issues.apache.org/jira/browse/AMBARI-10305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14394606#comment-14394606
]
Hadoop QA commented on AMBARI-10305:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12709244/AMBARI-10305_01.patch
against trunk revision .
{color:red}-1 patch{color}. The patch command could not apply the patch.
Console output:
https://builds.apache.org/job/Ambari-trunk-test-patch/2238//console
This message is automatically generated.
> Kerberos: during disable, need option skip if unable to access KDC to remove
> principals
> ---------------------------------------------------------------------------------------
>
> Key: AMBARI-10305
> URL: https://issues.apache.org/jira/browse/AMBARI-10305
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: kerberos
> Fix For: 2.1.0
>
> Attachments: AMBARI-10305_01.patch
>
>
> Attempted to disable kerb, fails on step to unkerberize because KDC admin is
> locked out.
> Click retry, can't make it past that.
> Need option to skip and finish "disable kerberos" even if Ambari cannot get
> the principals cleaned up (i.e. cannot access the KDC) Losing access to the
> KDC and attempting to disable where ambari can't clean-up the principals
> should be a skip'able step. User should still be able to get to a clean,
> not-enabled-kerberos-ambari-state w/o accessing the KDC.
> *Solution*
> Add a flag to the kerberos-env configuration to specify whether Kerberos
> identities should be managed by Ambari (true, default) or not (false). This
> flag is to be overridable via a _directive_ like {{manage_identities=false}}
> when disabling Kerberos, which will skip over any KDC administrative
> processes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
