[jira] [Updated] (AMBARI-10479) Add the ability to enable Kerberos and not manage identities

Tue, 14 Apr 2015 14:07:22 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-10479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas updated AMBARI-10479:
----------------------------------
    Attachment: AMBARI-10479_01.patch

Updates to allow for the Kerberos service check to handle the cases when Ambari 
is managing Kerberos identities and when Ambari is _not_ managing Kerberos 
identities. 

Patch File [^AMBARI-10479_01.patch]

> Add the ability to enable Kerberos and not manage identities
> ------------------------------------------------------------
>
>                 Key: AMBARI-10479
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10479
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-10479_01.patch
>
>
> Add the ability to enable Kerberos and not manage identities.  This should be 
> done by allowing a user to specify whether all relevant Kerberos identities 
> _should_ or _should not_ be managed by Ambari.  
> A *kerberos-env* property named *manage_identities* is to be added where its 
> value may be either _true_ or _false_.  By default the value is _true_ (or 
> rather _not false_).  
> If _not false_, Ambari will access the registered KDC to create, update, and 
> delete Kerberos identities as needed.  Ambari will also create, distribute, 
> and delete keytab files as needed. Because of this, the KDC administrator 
> credentials are required. This is the current behavior of Ambari 2.0.0.
> If _false_, Ambari will *not* access the registered KDC to create, update, or 
> delete Kerberos identities.  It will also *not* create, distribute, or delete 
> keytab files. Not KDC administrator credentials will be needed.
> Note: a lot of this work has been done for AMBARI-10305.  A current known 
> problem with the solution for AMBARI-10305 is that the Kerberos service check 
> fails when kerberos-env/manage_identities is false due to missing data since 
> the special smoke user was not created.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to