[
https://issues.apache.org/jira/browse/AMBARI-11590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-11590:
----------------------------------
Attachment: AMBARI-11590_02.patch
> Kerberos: provide option to set test account name
> -------------------------------------------------
>
> Key: AMBARI-11590
> URL: https://issues.apache.org/jira/browse/AMBARI-11590
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: kerberos
> Fix For: 2.1.0
>
> Attachments: AMBARI-11590_01.patch, AMBARI-11590_02.patch
>
>
> In many situations with large-scale Active Directory deployments, the
> krb5.conf is managed outside of Ambari. This krb5.conf file is configured
> with all of the DC's in the AD domain, and the outbound requests to the KDC
> from clients are load balanced across those servers. In many scenarios the
> user replication latency causes issues with users not found during the test
> process. Due to the fact that we generate a new user every time we test,
> this can get users to a circular situation in which they can never leave this
> state because of multi-KDC's in their krb5.conf and delay associated with
> replication.
> 1) Expose the option to set the test kerberos client principal name (under
> Advanced kerberos-env)
> 2) Default the value to something unique, but less than 20 characters {code}
> ${cluster_name}-${short_date}
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
