ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jaimin Jetly" <jai...@hortonworks.com>
Subject Review Request 26719: Storm UI server should have the same default keytab value as of other components for spnego principal
Date Wed, 15 Oct 2014 00:41:55 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26719/
-----------------------------------------------------------

Review request for Ambari, Srimanth Gunturi and Yusaku Sako.


Bugs: AMBARI-7780
    https://issues.apache.org/jira/browse/AMBARI-7780


Repository: ambari


Description
-------

The problem will occur when there are two different keytabs containing same principal on a
host. In this scenario only one principal will be considered to be valid if a principal is
added to keytab in a specif way using --rankey option. (The reason is due to different kvno
of the principal in both keytabs while using --randkey option to add principal to keytab)
For example if Namenode host and Storm UI Server are co-hosted. 
spnego.service.keytab will have principal HTTP/hostname@EXAMPLE.COM which will be used by
NameNode web UI.
Storm UI daemon will also try to authenticate with the same principal but from a different
keytab path and with different kvno.
In this scenario the keytab that was created last with the principal will hold valid principal
and the other daemon will fail to authenticate with kerberos authentication error.


Diffs
-----

  ambari-web/app/data/HDP2/secure_properties.js 10d1a41 

Diff: https://reviews.apache.org/r/26719/diff/


Testing
-------

tested e2e by securing a cluster


Thanks,

Jaimin Jetly


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message