[ https://issues.apache.org/jira/browse/AMBARI-16171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josh Elser updated AMBARI-16171:
--------------------------------
Attachment: AMBARI-16171.001.patch
I think this is along the lines of what would need to be done for PQS to use
the spnego keytab and principal.
I'm not sure what needs to be done to handle the upgrade scenario though.
> Changes to Phoenix QueryServer Kerberos configuration
> -----------------------------------------------------
>
> Key: AMBARI-16171
> URL: https://issues.apache.org/jira/browse/AMBARI-16171
> Project: Ambari
> Issue Type: Improvement
> Reporter: Josh Elser
> Assignee: Josh Elser
> Attachments: AMBARI-16171.001.patch
>
>
> The upcoming version of Phoenix will contain some new functionality to
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query
> Server (PQS).
> Presently, Ambari will configure PQS to use the hbase service keytab which
> will result in the SPNEGO authentication failing as the RFC requires that the
> "primary" component of the Kerberos principal for the server is "HTTP". Thus,
> we need to ensure that we switch PQS over to use the spnego.service.keytab as
> the keytab and "HTTP/_HOST@REALM" as the principal.
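An added example, not part of the JIRA message or the attached patch: a pre-flight check for the misconfiguration described in the issue, confirming that the PQS principal has "HTTP" as its primary and that the expanded principal is actually present in the configured keytab. The function names, hostnames, realm and keytab contents are constructed for illustration, and lowercasing the hostname when expanding _HOST is an assumption about how the placeholder is resolved.

```python
import re

# Kerberos principal layout: primary[/instance][@REALM]
_PRINCIPAL_RE = re.compile(
    r"^(?P<primary>[^/@]+)(?:/(?P<instance>[^/@]+))?(?:@(?P<realm>[^/@]+))?$"
)

def parse_principal(principal):
    """Split a principal into (primary, instance, realm); missing parts are None."""
    m = _PRINCIPAL_RE.match(principal)
    if not m:
        raise ValueError(f"malformed principal: {principal!r}")
    return m.group("primary"), m.group("instance"), m.group("realm")

def expand_host(principal, fqdn):
    """Replace the _HOST placeholder with the lowercased FQDN (assumed convention)."""
    primary, instance, realm = parse_principal(principal)
    if instance == "_HOST":
        instance = fqdn.lower()
    out = primary
    if instance:
        out += "/" + instance
    if realm:
        out += "@" + realm
    return out

def check_pqs_spnego(principal, keytab_entries, fqdn):
    """Return a list of problems; an empty list means the pair is usable for SPNEGO."""
    problems = []
    primary, instance, _realm = parse_principal(principal)
    if primary != "HTTP":
        problems.append(f"primary is {primary!r}; SPNEGO requires 'HTTP'")
    if instance is None:
        problems.append("principal has no host component")
    expanded = expand_host(principal, fqdn)
    if expanded not in keytab_entries:
        problems.append(f"{expanded} not found in keytab")
    return problems

# Constructed keytab contents, as the principal column of a keytab listing would show them.
HBASE_KEYTAB = {"hbase/pqs1.example.com@EXAMPLE.COM"}
SPNEGO_KEYTAB = {"HTTP/pqs1.example.com@EXAMPLE.COM"}

if __name__ == "__main__":
    for princ, kt in (("hbase/_HOST@EXAMPLE.COM", HBASE_KEYTAB),
                      ("HTTP/_HOST@EXAMPLE.COM", SPNEGO_KEYTAB)):
        print(princ, "->", check_pqs_spnego(princ, kt, "pqs1.example.com") or "OK")
```

The first pair (the hbase service keytab and principal) is internally consistent yet still fails the check, which is the situation the issue describes; switching only the principal without also switching the keytab fails on the keytab lookup instead.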