[jira] [Assigned] (AMBARI-24528) Kerberos "Additional Realms" should not require keytab re-generation and cluster restart

Robert Levas (JIRA) Thu, 23 Aug 2018 06:27:20 -0700


     [ 
https://issues.apache.org/jira/browse/AMBARI-24528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Levas reassigned AMBARI-24528:
-------------------------------------

    Assignee: Robert Levas

> Kerberos "Additional Realms" should not require keytab re-generation and 
> cluster restart
> ----------------------------------------------------------------------------------------
>
>                 Key: AMBARI-24528
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24528
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-admin, security
>    Affects Versions: 2.5.0, 2.6.0
>            Reporter: Sean Roberts
>            Assignee: Robert Levas
>            Priority: Major
>              Labels: auth_to_local, kerberos
>
> "Admin -> Kerberos -> Additonal Realms"
> * Currently requires keytab re-generation which in turn requires restarting 
> the cluster. *But it is completely unrelated to keytabs*.
> Fix:
> * Move "Additional Realms" to the "Kerberos" service configs where it 
> belongs, along with the "auth_to_local" setting which is what it is used for.
> * When it is changed:
>    ** No keytab re-generation is then required.
>    ** Instead of silently altering "auth_to_local" rules, they should come up 
> as "Recommendations".



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (AMBARI-24528) Kerberos "Additional Realms" should not require keytab re-generation and cluster restart

Reply via email to