[jira] [Commented] (AMBARI-6432) FreeIPA Support in Ambari

Wed, 09 Mar 2016 09:49:13 -0800 

    [ 
https://issues.apache.org/jira/browse/AMBARI-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15187503#comment-15187503
 ] 

Robert Levas commented on AMBARI-6432:
--------------------------------------

[~bolke]... I am trying to figure out how to upgrade to 4, but I have gotten 
side-tracked.  It would have been nice if yum installed it for me. Bummer. 

Regarding the password change issue... This is handled internally by Ambari by 
generating the keytabs itself. Because you are asking IPA to generate the 
keytab file for you, it is probably generating a random key each time.   You 
will see this for all headless principals.  I will have to check the logic for 
MIT KDC and AD, but I was under the impression that the code was smart enough 
to know that a keytab file was crated and cached so it only did it once.  Maybe 
the test principal logic isn't as smart. 


> FreeIPA Support in Ambari
> -------------------------
>
>                 Key: AMBARI-6432
>                 URL: https://issues.apache.org/jira/browse/AMBARI-6432
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: trunk
>            Reporter: jay vyas
>            Assignee: Bolke de Bruin
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-6432-FreeIPA.patch, AMBARI-6432.patch, 
> AMBARI-6432.trunk.v1.patch, AMBARI-6432.trunk.v2.patch, 
> AMBARI-6432.trunk.v3.patch, AMBARI-6432.trunk.v4.patch, 
> AMBARI-6432.trunk.v5.patch, AMBARI-6432.trunk.v5.patch, ipa-patch-v0.5.patch
>
>
> FreeIPA Is a powerful tool for unifying identity, kerberos credentials, 
> across a cluster.
> A great value add for ambari would be to provide support for using FreeIPA to 
> kerberize services.  This would allow for 
> 1) better HCFS interoperability, because first class GID/UID is critical for 
> certain file systems (GlusterFS, Lustre, and any other file system which uses 
> kernel / FUSE apis for determining identity)
> 2) better enterprise interoperability.  Because of the fact that FreeIPA 
> makes it easy to interop with different identity solutions (like active 
> directory), it would make ambari easier to adopt for various enterprises.
> 3) broadens ambaris scope.  Now ambari could also allow people to setup the 
> users of their clusters, and at least some of the security features of their 
> clusters, all from one interface (no more manual handling of TGTs and such - 
> it could all be done quite easily via the ambari UI which could make calls to 
> underlying FreeIPA clients).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to