[
https://issues.apache.org/jira/browse/RANGER-686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14948173#comment-14948173
]
Ramesh Mani commented on RANGER-686:
------------------------------------
This is good requirement, but both passwords and keytabs requires the rotation
periodically and that would be the best practice.
I believe Ambari can propagate the keytabs across the ranger-machines during
installation and configuration. [~aloklal99]'s question on keytabs lying on the
disk, isn't it the same case for the other keytabs files that are used in
secure cluster? What will happen in the case of simple cluster where we don't
have KDC and keytab?
> Allow specifying keytabs in Ranger repositories
> -----------------------------------------------
>
> Key: RANGER-686
> URL: https://issues.apache.org/jira/browse/RANGER-686
> Project: Ranger
> Issue Type: New Feature
> Reporter: Velmurugan Periasamy
> Assignee: Gautam Borad
> Fix For: 0.6.0
>
>
> PROBLEM: Currently you have to specify a principal and password when
> configuring Ranger repositories. It would be useful to allow specifying a
> principal and keytab instead of password for authenticating the lookup-client
> user.
> USE CASE: Sites which have regular password expiration will experience the
> lookup clients fail routinely. Also specifying keytab instead of password is
> considered a best practice.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
