[jira] [Commented] (AMBARI-12093) Enable Security Wizard not honoring the unchecking of the "Manage Kerberos client krb5.conf" check box

Wed, 24 Jun 2015 10:55:53 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-12093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14599832#comment-14599832
 ] 

Robert Levas commented on AMBARI-12093:
---------------------------------------

[~zmarsh13],   I am confused how adding "“udp_preference_limit = 1" to the 
krb5.conf template fixes the "Manage Kerberos client krb5.conf" checkbox issue. 
  

In any case, it appears that you are trying to get the Kerberos client to 
commnicate via UPD rather than TCP and I beleive that the default settings for 
the MIT KDC on SLES is to listen only on UDP.  Unless you have a need to use 
UDP only, I would suggest changing the KDC configuration to listen on TCP ports 
as well.   This can be done by editting the kdc.conf file and adding a 
"kdc_tcp_ports" value. See 
http://web.mit.edu/kerberos/krb5-1.13/doc/admin/conf_files/kdc_conf.html#kdcdefaults.



> Enable Security Wizard not honoring the unchecking of the "Manage Kerberos 
> client krb5.conf" check box
> ------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-12093
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12093
>             Project: Ambari
>          Issue Type: Bug
>         Environment: ambari-2.1.0-1213, hdp-2.3.0.0-2450, sles11sp3
>            Reporter: Zack Marsh
>            Assignee: Robert Levas
>            Priority: Blocker
>
> In Ambari's Enable Kerberos Wizard, in the step “Configure Kerberos” there is 
> a check-box under “Advanced krb-conf” for “Manage Kerberos client krb5.conf". 
> We are generating our own krb5.conf file in our Kerberos setup script,  
> therefore we have been deselecting this check-box to prevent Ambari from 
> overwriting our changes.
> In the last several builds of Ambari/HDP some users (using Chrome and 
> Firefox) are finding that Ambari is not honoring un-checking this option, and 
> overwriting the krb4.conf file. This is resulting in many failures starting 
> services (Data Node and Journal Node) during the last step of the Kerberos 
> Wizard.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to