[
https://issues.apache.org/jira/browse/AMBARI-13292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-13292:
----------------------------------
Description:
Enhance the Kerberos backend to allow for the retention of KDC administrative
credentials. Once securely stored, users may opt to remove the stored
credentials.
See AMBARI-13214 for information on the relevant API calls.
The alias name for the KDC administrator credential should be
"kdc.admin.credential"
For example:
*Create Credential Resource*
{code}
POST /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
{
"Credential" : {
"principal" : "admin/[email protected]",
"key" : "h4d00p&!",
"type" : "persisted"
}
}
{code}
*Update Credential Resource*
{code}
PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
{
"Credential" : {
"key" : "newpassword",
"type" : "temporary"
}
}
{code}
*Get Credential Resource*
{code}
GET /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
{code}
*Delete Credential Resource*
{code}
DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
{code}
was:
Enhance the Kerberos backend to allow for the retention of KDC administrative
credentials. Once securely stored, users may opt to remove the stored
credentials.
See AMBARI-13214 for information on the relevant API calls.
The alias name for the KDC administrator credential should be
"kdc.administrator.credential"
For example:
*Create Credential Resource*
{code}
POST /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.administrator.credential
{
"Credential" : {
"principal" : "admin/[email protected]",
"key" : "h4d00p&!",
"type" : "persisted"
}
}
{code}
*Update Credential Resource*
{code}
PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.administrator.credential
{
"Credential" : {
"key" : "newpassword",
"type" : "temporary"
}
}
{code}
*Get Credential Resource*
{code}
GET /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.administrator.credential
{code}
*Delete Credential Resource*
{code}
DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.administrator.credential
{code}
> Kerberos: Retain KDC admin credentials
> --------------------------------------
>
> Key: AMBARI-13292
> URL: https://issues.apache.org/jira/browse/AMBARI-13292
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.3
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: kerberos
> Fix For: 2.1.3
>
>
> Enhance the Kerberos backend to allow for the retention of KDC administrative
> credentials. Once securely stored, users may opt to remove the stored
> credentials.
> See AMBARI-13214 for information on the relevant API calls.
> The alias name for the KDC administrator credential should be
> "kdc.admin.credential"
> For example:
> *Create Credential Resource*
> {code}
> POST /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> {
> "Credential" : {
> "principal" : "admin/[email protected]",
> "key" : "h4d00p&!",
> "type" : "persisted"
> }
> }
> {code}
> *Update Credential Resource*
> {code}
> PUT /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> {
> "Credential" : {
> "key" : "newpassword",
> "type" : "temporary"
> }
> }
> {code}
> *Get Credential Resource*
> {code}
> GET /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> {code}
> *Delete Credential Resource*
> {code}
> DELETE /api/v1/clusters/{CLUSTER_NAME}/credentials/kdc.admin.credential
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
