[
https://issues.apache.org/jira/browse/AMBARI-16171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15312289#comment-15312289
]
Robert Levas commented on AMBARI-16171:
---------------------------------------
[~elserj], I think you have got it. The only thing I would change is the check
to see if Kerberos was enabled....
{code}
if 'KERBEROS' in servicesList:
{code}
to
{code}
if "cluster-env" in services["configurations"] \
and "security_enabled" in
services["configurations"]["cluster-env"]["properties"] \
and
services["configurations"]["cluster-env"]["properties"]["security_enabled"].lower()
== "true":
{code}
Also, there is a lot of logging going on in the stack advisor. You can
probably remove that or set the logging level to debug.
> Changes to Phoenix QueryServer Kerberos configuration
> -----------------------------------------------------
>
> Key: AMBARI-16171
> URL: https://issues.apache.org/jira/browse/AMBARI-16171
> Project: Ambari
> Issue Type: Improvement
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 2.4.1
>
> Attachments: AMBARI-16171-stackadvisor-WIP.patch,
> AMBARI-16171.001.patch, AMBARI-16171.002.patch, AMBARI-16171.003.patch,
> AMBARI-16171.006.patch, AMBARI-16171.007.patch, AMBARI-16171.009.patch,
> AMBARI-16171.addendum.patch, AMBARI-16171.addendum2.patch
>
>
> The up-coming version of Phoenix will contain some new functionality to
> support Kerberos authentication of clients via SPNEGO with the Phoenix Query
> Server (PQS).
> Presently, Ambari will configure PQS to use the hbase service keytab which
> will result in the SPNEGO authentication failing as the RFC requires that the
> "primary" component of the Kerberos principal for the server is "HTTP". Thus,
> we need to ensure that we switch PQS over to use the spnego.service.keytab as
> the keytab and "HTTP/_HOST@REALM" as the principal.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
