[
https://issues.apache.org/jira/browse/AMBARI-10478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas resolved AMBARI-10478.
-----------------------------------
Resolution: Fixed
> Manually enable Kerberos security
> ---------------------------------
>
> Key: AMBARI-10478
> URL: https://issues.apache.org/jira/browse/AMBARI-10478
> Project: Ambari
> Issue Type: Epic
> Components: alerts, ambari-agent, ambari-server
> Affects Versions: 2.1.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: kerberos
> Fix For: 2.1.0
>
>
> Provide an option for users that want to enable Kerberos in the cluster via
> Ambari but do not want any automation. With this option, ambari will not
> require any access to the KDC, will not install kerberos clients, will not
> attempt to generate any principals or keytabs and will not distribute any
> keytabs. Keytab regeneration will not be available, and when there are
> changes to the cluster (add service, add/remove/change host), the user is
> responsible for creating principals and making sure the appropriate keytabs
> are in place on the host for proper cluster function (although Ambari should
> handle updating any configs).
> Effectively, this above option provides a manual Kerberos option for users
> that are looking to have the similar "hands-off" ambari kerberos experience
> of 1.7.0 or earlier.
> On the Kerberos Wizard, provide an option (below Existing MIT KDC and
> Existing Active Directory):
> [ ] Manage Kerberos principals and keytabs manually
> Which will send the wizard thru a path that does not prompt for KDC
> information, or attempt to install clients or create principals/keytabs. The
> user should have a chance to Configure Identities as part of the wizard and
> the wizard will push the configs, performs restarts, etc. Users should have
> an option to download a CSV of principals, keytabs, hosts, locations,
> permissions, ownership.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
