> On Dec. 4, 2017, 1:14 p.m., Bolke de Bruin wrote: > > DISCLAIMER: It is a long time that i have looked at this code. > > > > The reason for putting it in a separate group in ipa was to be able to set > > certain security parameters (no expiry of passwords). This change requires > > to have this set per user or for the whole default group, if you dont > > change the default. Is this documented? > > Robert Levas wrote: > Thanks for the comment. > > I understand the use of the group. The concept is not being removed, > just the default value. > > Documention will need to be crated for IPA integration. I hope to get to > it. I will need to see if we already have a wiki article on enabling Kerberos > via Ambari.
Ideally the content should be added to https://github.com/apache/ambari/blob/trunk/ambari-server/docs/security/kerberos/enabling_kerberos.md#enabling-kerberos. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/64305/#review192729 ----------------------------------------------------------- On Dec. 4, 2017, 12:02 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/64305/ > ----------------------------------------------------------- > > (Updated Dec. 4, 2017, 12:02 p.m.) > > > Review request for Ambari, Attila Magyar, Bolke de Bruin, Balázs Bence Sári, > Eugene Chekanskiy, and Sandor Molnar. > > > Bugs: AMBARI-22583 > https://issues.apache.org/jira/browse/AMBARI-22583 > > > Repository: ambari > > > Description > ------- > > When creating user principals while enabling Kerberos using FreeIPA, Ambari > should not force accounts to be added a user named > 'ambari-managed-principals'. > > This occurs because the default value of `kerberos-env/ipa_user_group` is > "ambari-managed-principals". To stop forcing this, the default value should > be empty. > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 293bcf8962 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/configuration/kerberos-env.xml > 293bcf8962 > > ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml > a66a7a6cfa > > > Diff: https://reviews.apache.org/r/64305/diff/1/ > > > Testing > ------- > > Manually tested > > > Thanks, > > Robert Levas > >
