Robert Levas created AMBARI-11590:
-------------------------------------
Summary: Kerberos: provide option to set test account name
Key: AMBARI-11590
URL: https://issues.apache.org/jira/browse/AMBARI-11590
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.1.0
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 2.1.0
In many situations with large-scale Active Directory deployments, the krb5.conf
is managed outside of Ambari. This krb5.conf file is configured with all of
the DC's in the AD domain, and the outbound requests to the KDC from clients
are load balanced across those servers. In many scenarios the user replication
latency causes issues with users not found during the test process. Due to the
fact that we generate a new user every time we test, this can get users to a
circular situation in which they can never leave this state because of
multi-KDC's in their krb5.conf and delay associated with replication.
1) Expose the option to set the test kerberos client principal name (under
Advanced kerberos-env)
2) Default the value to something unique, but less than 20 characters {code}
${cluster_name}-${ddmm}
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
