[jira] [Commented] (AMBARI-10479) Add the ability to enable Kerberos and not manage identities

Fri, 17 Apr 2015 15:32:58 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-10479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14500813#comment-14500813
 ] 

Hudson commented on AMBARI-10479:
---------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #2355 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/2355/])
AMBARI-10479. Add the ability to enable Kerberos and not manage identities 
(rlevas) (rlevas: 
http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=2e6d9d61f8b7e11f548b3f12da49edd9d1f8843a)
* 
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
* 
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
* 
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
* 
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py


> Add the ability to enable Kerberos and not manage identities
> ------------------------------------------------------------
>
>                 Key: AMBARI-10479
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10479
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-10479_01.patch
>
>
> Add the ability to enable Kerberos and not manage identities.  This should be 
> done by allowing a user to specify whether all relevant Kerberos identities 
> _should_ or _should not_ be managed by Ambari.  
> A *kerberos-env* property named *manage_identities* is to be added where its 
> value may be either _true_ or _false_.  By default the value is _true_ (or 
> rather _not false_).  
> If _not false_, Ambari will access the registered KDC to create, update, and 
> delete Kerberos identities as needed.  Ambari will also create, distribute, 
> and delete keytab files as needed. Because of this, the KDC administrator 
> credentials are required. This is the current behavior of Ambari 2.0.0.
> If _false_, Ambari will *not* access the registered KDC to create, update, or 
> delete Kerberos identities.  It will also *not* create, distribute, or delete 
> keytab files. Not KDC administrator credentials will be needed.
> Note: a lot of this work has been done for AMBARI-10305.  A current known 
> problem with the solution for AMBARI-10305 is that the Kerberos service check 
> fails when kerberos-env/manage_identities is false due to missing data since 
> the special smoke user was not created.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to