[jira] [Commented] (AMBARI-12093) Enable Security Wizard not honoring the unchecking of the "Manage Kerberos client krb5.conf" check box

Wed, 24 Jun 2015 11:09:47 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-12093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14599858#comment-14599858
 ] 

Zack Marsh commented on AMBARI-12093:
-------------------------------------

The addition of this setting to the krb5.conf template isn't fixing the 
checkbox issue, but instead working around it. When the setting 
“udp_preference_limit = 1" is added to the krb5.conf template, we no longer 
need to use the krb5.conf file that we were generating that included this, 
therefore we no longer need to un-check the "Manage Kerberos client krb5.conf" 
check box.

Setting udp_preference_limit = 1 will force the KDC to always use TCP instead 
of UDP, which is working on our configuration.

Hortonworks (Dhruv Kumar) and myself have been unable to reproduce the issue in 
which Ambari doesn't honor deselecting the check box, therefore instead of 
digging into that issue, I'm requesting an update to the default krb5.conf 
template.



> Enable Security Wizard not honoring the unchecking of the "Manage Kerberos 
> client krb5.conf" check box
> ------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-12093
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12093
>             Project: Ambari
>          Issue Type: Bug
>         Environment: ambari-2.1.0-1213, hdp-2.3.0.0-2450, sles11sp3
>            Reporter: Zack Marsh
>            Assignee: Robert Levas
>            Priority: Blocker
>
> In Ambari's Enable Kerberos Wizard, in the step “Configure Kerberos” there is 
> a check-box under “Advanced krb-conf” for “Manage Kerberos client krb5.conf". 
> We are generating our own krb5.conf file in our Kerberos setup script,  
> therefore we have been deselecting this check-box to prevent Ambari from 
> overwriting our changes.
> In the last several builds of Ambari/HDP some users (using Chrome and 
> Firefox) are finding that Ambari is not honoring un-checking this option, and 
> overwriting the krb4.conf file. This is resulting in many failures starting 
> services (Data Node and Journal Node) during the last step of the Kerberos 
> Wizard.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to