[jira] [Resolved] (AMBARI-13312) Enable Kerberos is not working

Wed, 07 Oct 2015 22:47:29 -0700 

     [ 
https://issues.apache.org/jira/browse/AMBARI-13312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vijay Srinivasaraghavan resolved AMBARI-13312.
----------------------------------------------
    Resolution: Won't Fix


>>Ambari server krb5.conf is not getting updated with the values supplied in UI
Expectation is ambari server should be deployed on the same same machine along 
side with ambari agent. If ambari server is deployed on a separate host then 
krb5.conf will have to be updated manually.

>>Service keytab (kerberos.service_check.100515.keytab) seems to be having some 
>>issues.
Issue is related to AES encryption type. If we don't install JCE policy, then 
the krb5.conf from both KDC server and all the clients should not include AES 
as default supported encryption key.



> Enable Kerberos is not working
> ------------------------------
>
>                 Key: AMBARI-13312
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13312
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: trunk
>         Environment: SLES 11 SP3
>            Reporter: Vijay Srinivasaraghavan
>
> I have installed MIT KDC server on host1. Hadoop cluster and Ambari Server 
> running in host 2 (in two separate containers). I have created a hadoop 
> cluster with ZK, YARN/MR2 and HDFS services. When I try to enable security by 
> using existing KDC, I see below 2 issues.
> 1) Ambari server krb5.conf is not getting updated with the values supplied in 
> UI
> 2) Service keytab (kerberos.service_check.100515.keytab) seems to be having 
> some issues.
> {code}
> lglop193:/ # klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> lglop193:/ # cd /etc/security/keytabs/
> lglop193:/etc/security/keytabs # ls
> kerberos.service_check.100515.keytab
> lglop193:/etc/security/keytabs # /usr/bin/kinit -c 
> /var/lib/ambari-agent/tmp/kerberos_service_check_cc_8b60256b73fc5454fc5737d0a1ce9887
>  -kt /etc/security/keytabs/kerberos.service_check.100515.keytab 
> [email protected]
> kinit(v5): Key table entry not found while getting initial credentials
> lglop193:/etc/security/keytabs # kinit C-100515 -k -t 
> kerberos.service_check.100515.keytab
> kinit(v5): Key table entry not found while getting initial credentials
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to