Robert Levas created AMBARI-19430:
-------------------------------------
Summary: Use common property for principal name prefix to help
with customization of unique principal names
Key: AMBARI-19430
URL: https://issues.apache.org/jira/browse/AMBARI-19430
Project: Ambari
Issue Type: Bug
Reporter: Robert Levas
Use common property for principal name prefix to help with customization of
unique principal names.
All _headless_ Kerberos identities have a non-unique principal name (across
clusters). To help with this issue, the cluster name is appended to these
principal names by adding "-${cluster-name|toLower()}" after the principal name
component. If the user wants to change this convention, they will need to find
all _headless_ principals and make the change. On top of that, when adding new
components, they will need to remember to make the change to new _headless_
principal names.
A better solution is to provide a _global_ property named "principal_suffix"
and use that in each _headless_ principal name. By default the value for this
property will be
{code}
principal_suffix="-${cluster_name|toLower()}"
{code}
If the user would like to not use a prefix (in the event there is only a single
cluster connecting to the KDC), the value can be changed to
{code}
principal_suffix=""
{code}
Finally, if the user would like to use some other randomizer, they can set the
value to something else. For example:
{code}
principal_suffix="_12345"
{code}
The property is set in the Kerberos descriptor's "properties" block. For
example:
{code}
{
  "properties": {
    "realm": "${kerberos-env/realm}",
    ...,
    "principal_suffix": "${cluster_name|toLower()}"
  },
  "identities": [
    ...,
    {
      "name": "smokeuser",
      "principal": {
        "value": "${cluster-env/smokeuser}-${principal_suffix}@${realm}",
        "type": "user",
        "configuration": "cluster-env/smokeuser_principal_name",
        "local_username": "${cluster-env/smokeuser}"
      },
      ...
    }
  ],
  "services": [
    {
{code}
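Added example, not part of the original issue and not Ambari's code: a minimal Python model of the `${...}` substitution, showing how the single `principal_suffix` value decides whether headless principals from two clusters sharing one KDC collide. The resolver, the `hdfs` identity, the cluster names and the realm `EXAMPLE.COM` are constructed assumptions, and the templates here concatenate the suffix directly so that an empty value leaves no trailing dash.

```python
import re

# Matches ${name} or ${name|toLower()}; toLower() is the only function modelled.
_VAR = re.compile(r"\$\{([^}|]+)(\|toLower\(\))?\}")

def resolve(template, values, depth=0):
    """Expand ${...} references, recursing so one property may reference another."""
    if depth > 8:
        raise ValueError("variable reference loop in %r" % template)

    def sub(match):
        name, lower = match.group(1), match.group(2)
        if name not in values:
            raise KeyError("unresolved variable: " + name)
        out = resolve(values[name], values, depth + 1)
        return out.lower() if lower else out

    return _VAR.sub(sub, template)

# Constructed headless identities; only "smokeuser" appears in the issue text.
IDENTITIES = {
    "smokeuser": "${cluster-env/smokeuser}${principal_suffix}@${realm}",
    "hdfs": "${hadoop-env/hdfs_user}${principal_suffix}@${realm}",
}

def headless_principals(cluster_name, principal_suffix):
    """Resolve every headless principal for one cluster (sample values constructed)."""
    values = {
        "cluster_name": cluster_name,
        "realm": "EXAMPLE.COM",
        "principal_suffix": principal_suffix,  # the one global knob
        "cluster-env/smokeuser": "ambari-qa",
        "hadoop-env/hdfs_user": "hdfs",
    }
    return {name: resolve(tpl, values) for name, tpl in IDENTITIES.items()}

def collisions(principal_suffix, clusters=("Prod", "Dev")):
    """Principals that more than one cluster would register in the same realm."""
    seen, dup = set(), set()
    for cluster in clusters:
        for principal in headless_principals(cluster, principal_suffix).values():
            (dup if principal in seen else seen).add(principal)
    return sorted(dup)

if __name__ == "__main__":
    for suffix in ("-${cluster_name|toLower()}", ""):
        print(repr(suffix), headless_principals("Prod", suffix), collisions(suffix))
```

With the default suffix each cluster gets its own principals; with the empty suffix both clusters resolve to the same names, which is only safe when a single cluster uses the KDC.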