[
https://issues.apache.org/jira/browse/AMBARI-24528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sean Roberts updated AMBARI-24528:
----------------------------------
Description:
"Admin -> Kerberos -> Additonal Realms"
* Currently requires keytab re-generation. *But it is completely unrelated to
keytabs*.
Fix:
* Move "Additional Realms" to the "Kerberos" service configs where it belongs,
along with the "auth_to_local" setting which is what it is used for.
* No keytab re-generation is then required.
* Instead of silently altering "auth_to_local" rules, they should come up as
"Recommendations".
was:
"Admin -> Kerberos -> Additonal Realms"
* Currently requires keytab re-generation. *But it is completely unrelated to
keytabs*.
Fix:
* Move "Additional Realms" to the "Kerberos" service configs where it belongs,
along with the "auth_to_local" setting which is what it is used for.
* No keytab re-generation is then required.
> Kerberos "Additional Realms" should not require keytab re-generation
> --------------------------------------------------------------------
>
> Key: AMBARI-24528
> URL: https://issues.apache.org/jira/browse/AMBARI-24528
> Project: Ambari
> Issue Type: Bug
> Components: ambari-admin, security
> Affects Versions: 2.5.0, 2.6.0
> Reporter: Sean Roberts
> Priority: Major
> Labels: auth_to_local, kerberos
>
> "Admin -> Kerberos -> Additonal Realms"
> * Currently requires keytab re-generation. *But it is completely unrelated to
> keytabs*.
> Fix:
> * Move "Additional Realms" to the "Kerberos" service configs where it
> belongs, along with the "auth_to_local" setting which is what it is used for.
> * No keytab re-generation is then required.
> * Instead of silently altering "auth_to_local" rules, they should come up as
> "Recommendations".
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
