[ https://issues.apache.org/jira/browse/AMBARI-25013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandor Molnar reassigned AMBARI-25013: -------------------------------------- Assignee: Sandor Molnar (was: Robert Levas) > Ambari should optionally generate auth-to-local rules for the Kerberos > identities of all components of installed services > ------------------------------------------------------------------------------------------------------------------------- > > Key: AMBARI-25013 > URL: https://issues.apache.org/jira/browse/AMBARI-25013 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.8.0 > Reporter: Rohith Sharma K S > Assignee: Sandor Molnar > Priority: Major > Labels: kerberos > Fix For: 2.8.0 > > > Ambari should optionally generate auth-to-local rules for the Kerberos > identities of all components of installed services. > Currently Ambari will generate auth-to-local rules for the installed > components of installed services. This is generally the accepted behavior. > However, there may be cases where identities from remote clusters (using the > same Kerberos realm) need to be translated to local names. > A use case may be that some slave component for a service is installed on a > remote cluster, but that component is not installed on the local cluster. > However a master component of that service is installed on the local cluster > and the slave component from the remote cluster needs to communicate with it. > The solution is to add a new property to {{kerberos-env}}, maybe named > something like {{include_all_components_in_auth_to_local_rules}}, where the > default value is {{false}}. If set to {{true}}, when building the > auth-to-local rules, Ambari should add the rules for all components of > installed services, not just the installed components (which is what it does > today). > The relevant code to change is in > {{org.apache.ambari.server.controller.KerberosHelperImpl#setAuthToLocalRules}}. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)