[jira] [Assigned] (AMBARI-9783) Ability to manually enable Kerberos security

Tue, 14 Apr 2015 11:44:40 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-9783?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas reassigned AMBARI-9783:
------------------------------------

    Assignee: Robert Levas

> Ability to manually enable Kerberos security
> --------------------------------------------
>
>                 Key: AMBARI-9783
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9783
>             Project: Ambari
>          Issue Type: Epic
>          Components: ambari-server, security
>    Affects Versions: 2.0.0
>            Reporter: Jeff Sposetti
>            Assignee: Robert Levas
>             Fix For: 2.1.0
>
>
> Provide an option for users that want to enable Kerberos in the cluster via 
> Ambari but do not want any automation. With this option, ambari will not 
> require any access to the KDC, will not install kerberos clients, will not 
> attempt to generate any principals or keytabs and will not distribute any 
> keytabs. Keytab regeneration will not be available, and when there are 
> changes to the cluster (add service, add/remove/change host), the user is 
> responsible for creating principals and making sure the appropriate keytabs 
> are in place on the host for proper cluster function (although Ambari should 
> handle updating any configs).
> Effectively, this above option provides a manual Kerberos option for users 
> that are looking to have the similar "hands-off" ambari kerberos experience 
> of 1.7.0 or earlier.
> On the Kerberos Wizard, provide an option (below Existing MIT KDC and 
> Existing Active Directory):
> {code}
> [ ] Manage Kerberos principals and keytabs manually
> {code}
> Which will send the wizard thru a path that does not prompt for KDC 
> information, or attempt to install clients or create principals/keytabs. The 
> user should have a chance to Configure Identities as part of the wizard and 
> the wizard will push the configs, performs restarts, etc. Users should have 
> an option to download a CSV of principals, keytabs, hosts, locations, 
> permissions, ownership.
> Semi-related: as part of this work, for users that will use kerberos 
> automation, expose an option to not install Kerberos clients.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to