[
https://issues.apache.org/jira/browse/AMBARI-18804?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Levas updated AMBARI-18804:
----------------------------------
Status: Patch Available (was: In Progress)
> Manage Ambari principals should be set to off when upgrading Ambari from
> versions < 2.4.0
> -----------------------------------------------------------------------------------------
>
> Key: AMBARI-18804
> URL: https://issues.apache.org/jira/browse/AMBARI-18804
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.4.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Fix For: 2.4.2
>
> Attachments: AMBARI-18804_branch-2.4_01.patch,
> AMBARI-18804_branch-2.5_01.patch, AMBARI-18804_trunk_01.patch
>
>
> Since users would have manually set up the Ambari principal after enabling
> Kerberos using {{ambari-server setup-security}} {{option #3}} ("Setup Ambari
> kerberos JAAS configuration") in Ambari versions before 2.4.0, there is no
> need to configure Ambari to automatically manage its principals after an
> upgrade to version 2.4.0 and above.
> Therefore, upon upgrade to Ambari 2.4.0 or above, the upgrade process (in
> {{UpgradeCatalog240}}) should ensure that
> "kerberos-env/create_ambari_principal}} is set to "false". By default this
> value will be set to "true" after
> {{org.apache.ambari.server.upgrade.AbstractUpgradeCatalog#addNewConfigurationsFromXml}}
> is executed.
> Note: This may have an effect on Ambari versions 2.4.2 and above if Kerberos
> authentication is enabled and the SPNEGO ({{HTTP/_HOST}}) principal and
> keytab file is already created and installed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
