----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/64305/#review192729 -----------------------------------------------------------
DISCLAIMER: It is a long time that i have looked at this code. The reason for putting it in a separate group in ipa was to be able to set certain security parameters (no expiry of passwords). This change requires to have this set per user or for the whole default group, if you dont change the default. Is this documented? - Bolke de Bruin On dec 4, 2017, 5:02 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/64305/ > ----------------------------------------------------------- > > (Updated dec 4, 2017, 5:02 p.m.) > > > Review request for Ambari, Attila Magyar, Bolke de Bruin, Balázs Bence Sári, > Eugene Chekanskiy, and Sandor Molnar. > > > Bugs: AMBARI-22583 > https://issues.apache.org/jira/browse/AMBARI-22583 > > > Repository: ambari > > > Description > ------- > > When creating user principals while enabling Kerberos using FreeIPA, Ambari > should not force accounts to be added a user named > 'ambari-managed-principals'. > > This occurs because the default value of `kerberos-env/ipa_user_group` is > "ambari-managed-principals". To stop forcing this, the default value should > be empty. > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 293bcf8962 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/configuration/kerberos-env.xml > 293bcf8962 > > ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml > a66a7a6cfa > > > Diff: https://reviews.apache.org/r/64305/diff/1/ > > > Testing > ------- > > Manually tested > > > Thanks, > > Robert Levas > >
