[jira] [Updated] (AMBARI-22293) Improve KDC integration

Robert Levas (JIRA) Wed, 25 Oct 2017 07:11:11 -0700

     [ 
https://issues.apache.org/jira/browse/AMBARI-22293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Levas updated AMBARI-22293:
----------------------------------
    Description: 
Improve KDC integration by making the interfaces more consistent with each 
other.

*NOTE*: For MIT KDC, the following algorithm must be removed from the set used 
when exporting keytab files: {{des-hmac-sha1:normal}}.  This is done by 
changing the {{supported_enctypes}} property in the {{kdc.conf}} file, 
typically at {{/var/kerberos/krb5kdc/kdc.conf}}. For example:
{noformat:title=From}
  supported_enctypes = aes256-cts:normal aes128-cts:normal 
des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal 
des-cbc-md5:normal des-cbc-crc:normal
{noformat}
{noformat:title=To}
  supported_enctypes = aes256-cts:normal aes128-cts:normal 
des3-hmac-sha1:normal arcfour-hmac:normal des-cbc-md5:normal des-cbc-crc:normal
{noformat}

  was:
Improve KDC integration by making the interfaces more consistent with each 
other.

Improve KDC integration by making the interfaces more consistent with each 
other.

*NOTE*: For MIT KDC, the following algorithm must be removed from the set used 
when exporting keytab files: {{des-hmac-sha1:normal}}.  This is done by 
changing the {{supported_enctypes}} property in the {{kdc.conf}} file, 
typically at {{/var/kerberos/krb5kdc/kdc.conf}}. For example:
{noformat:title=From}
  supported_enctypes = aes256-cts:normal aes128-cts:normal 
des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal 
des-cbc-md5:normal des-cbc-crc:normal
{noformat}
{noformat:title=To}
  supported_enctypes = aes256-cts:normal aes128-cts:normal 
des3-hmac-sha1:normal arcfour-hmac:normal des-cbc-md5:normal des-cbc-crc:normal
{noformat}


> Improve KDC integration
> -----------------------
>
>                 Key: AMBARI-22293
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22293
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 3.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos
>             Fix For: 3.0.0
>
>
> Improve KDC integration by making the interfaces more consistent with each 
> other.
> *NOTE*: For MIT KDC, the following algorithm must be removed from the set 
> used when exporting keytab files: {{des-hmac-sha1:normal}}.  This is done by 
> changing the {{supported_enctypes}} property in the {{kdc.conf}} file, 
> typically at {{/var/kerberos/krb5kdc/kdc.conf}}. For example:
> {noformat:title=From}
>   supported_enctypes = aes256-cts:normal aes128-cts:normal 
> des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal 
> des-cbc-md5:normal des-cbc-crc:normal
> {noformat}
> {noformat:title=To}
>   supported_enctypes = aes256-cts:normal aes128-cts:normal 
> des3-hmac-sha1:normal arcfour-hmac:normal des-cbc-md5:normal 
> des-cbc-crc:normal
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (AMBARI-22293) Improve KDC integration

Reply via email to