Robert Levas created AMBARI-10479:
-------------------------------------
Summary: Add the ability to enable Kerberos and not manage
identities
Key: AMBARI-10479
URL: https://issues.apache.org/jira/browse/AMBARI-10479
Project: Ambari
Issue Type: Task
Components: ambari-server
Affects Versions: 2.1.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.1.0
Add the ability to enable Kerberos and not manage identities. This should be
done by allowing a user to specify whether all relevant Kerberos identities
_should_ or _should not_ be managed by Ambari.
A *kerberos-env* property named *manage_identities* is to be added where its
value may be either _true_ or _false_. By default the value is _true_ (or
rather _not false_).
If _not false_, Ambari will access the registered KDC to create, update, and
delete Kerberos identities as needed. Ambari will also create, distribute, and
delete keytab files as needed. Because of this, the KDC administrator
credentials are required. This is the current behavior of Ambari 2.0.0.
If _false_, Ambari will *not* access the registered KDC to create, update, or
delete Kerberos identities. It will also *not* create, distribute, or delete
keytab files. Not KDC administrator credentials will be needed.
Note: a lot of this work has been done for AMBARI-10305. A current known
problem with the solution for AMBARI-10305 is that the Kerberos service check
fails when kerberos-env/manage_identities is false due to missing data since
the special smoke user was not created.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
