[jira] [Assigned] (AMBARI-19430) Use common property for principal name prefix to help with customization of unique principal names

Mon, 09 Jan 2017 12:58:18 -0800 

     [ 
https://issues.apache.org/jira/browse/AMBARI-19430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas reassigned AMBARI-19430:
-------------------------------------

    Assignee: Robert Levas

> Use common property for principal name prefix to help with customization of 
> unique principal names
> --------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-19430
>                 URL: https://issues.apache.org/jira/browse/AMBARI-19430
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, kerberos_descriptor
>
> Use common property for principal name prefix to help with customization of 
> unique principal names.  
> All _headless_ Kerberos identities have a non-unique principal name (across 
> clusters). To help this issue, the cluster name is appended to these 
> principal names by adding "-$\{cluster-name|toLower()\}" after the principal 
> name component. If the user wants to change this convention, they will need 
> to find all _headless_ principals and make the change. On top of that, when 
> adding new components, they will need to remember to make the change to new 
> _headless_ principal names. 
> A better solution is to provide a _global_ property named "principal_suffix" 
> and use that in each _headless_ principal name. By default the value for this 
> property will be
> {code}
> principal_suffix="-${cluster_name|toLower()}"
> {code}
> If the user would like not use a prefix (in the event there is only a single 
> cluster connecting to the KDC), the value can be changed to
> {code}
> principal_suffix=""
> {code}
> Finally if the user would like to use some other randomizer, they can set the 
> value to something else. For example
> {code}
> principal_suffix="_12345"
> {code}
> The property is set in the Kerberos descriptor's "properties" block.   For 
> example:
> {code}
> {
>   "properties": {
>     "realm": "${kerberos-env/realm}",
>     ...,
>     "principal_suffix": "${cluster_name|toLower()}"
>   },
>   "identities": [
>     ..., 
>     {
>       "name": "smokeuser",
>       "principal": {
>         "value": "${cluster-env/smokeuser}-${principal_suffix}@${realm}",
>         "type": "user",
>         "configuration": "cluster-env/smokeuser_principal_name",
>         "local_username": "${cluster-env/smokeuser}"
>       },
>       ...
>     }
>   ],
>   "services": [
>     {
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to