Robert Levas created AMBARI-11360:
-------------------------------------
Summary: Kerberos FE: during disable, need option skip if unable
to access KDC to remove principals
Key: AMBARI-11360
URL: https://issues.apache.org/jira/browse/AMBARI-11360
Project: Ambari
Issue Type: Bug
Components: ambari-web
Affects Versions: 2.0.0, 2.1.0
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 2.1.0
Attempted to disable kerb, fails on step to unkerberize because KDC admin is
locked out.
Click retry, can't make it past that.
Need option to skip and finish "disable kerberos" even if Ambari cannot get the
principals cleaned up (i.e. cannot access the KDC) Losing access to the KDC and
attempting to disable where ambari can't clean-up the principals should be a
skip'able step. User should still be able to get to a clean,
not-enabled-kerberos-ambari-state w/o accessing the KDC.
*Solution*
Based on user input, execute API call to disable Kerberos with the
*manage_kerberos_identities* _directive_ set to *false*. Example:
{code:title=PUT /api/v1/clusters/c1?manage_kerberos_identities=false}
{
"Clusters": {
"security_type" : "NONE"
}
}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
