[jira] [Commented] (AMBARI-25013) Ambari should optionally generate auth-to-local rules for the Kerberos identities of all components of installed services

Hudson (JIRA) Thu, 13 Dec 2018 10:23:09 -0800


    [ 
https://issues.apache.org/jira/browse/AMBARI-25013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16720461#comment-16720461
 ]


Hudson commented on AMBARI-25013:
---------------------------------

SUCCESS: Integrated in Jenkins build Ambari-trunk-Commit #10384 (See 
[https://builds.apache.org/job/Ambari-trunk-Commit/10384/])
AMBARI-25013. New kerberos-env property to allow auth_to_local rules for 
(github: 
[https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=26575d3df20503f798f5be390442dd6a3201f182])
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
* (edit) 
ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
* (edit) 
ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java


> Ambari should optionally generate auth-to-local rules for the Kerberos 
> identities of all components of installed services
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-25013
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25013
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.8.0
>            Reporter: Rohith Sharma K S
>            Assignee: Sandor Molnar
>            Priority: Major
>              Labels: kerberos, pull-request-available
>             Fix For: 2.8.0
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Ambari should optionally generate auth-to-local rules for the Kerberos 
> identities of all components of installed services.  
> Currently Ambari will generate auth-to-local rules for the installed 
> components of installed services.  This is generally the accepted behavior. 
> However, there may be cases where identities from remote clusters (using the 
> same Kerberos realm) need to be translated to local names.  
> A use case may be that some slave component for a service is installed on a 
> remote cluster, but that component is not installed on the local cluster.  
> However a master component of that service is installed on the local cluster 
> and the slave component from the remote cluster needs to communicate with it. 
> The solution is to add a new property to {{kerberos-env}}, maybe named 
> something like {{include_all_components_in_auth_to_local_rules}}, where the 
> default value is {{false}}.  If set to {{true}}, when building the 
> auth-to-local rules, Ambari should add the rules for all components of 
> installed services, not just the installed components (which is what it does 
> today).  
> The relevant code to change is in 
> {{org.apache.ambari.server.controller.KerberosHelperImpl#setAuthToLocalRules}}.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (AMBARI-25013) Ambari should optionally generate auth-to-local rules for the Kerberos identities of all components of installed services

Reply via email to