ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yusaku Sako" <yus...@hortonworks.com>
Subject Re: Review Request 26719: Storm UI server should have the same default keytab value as of other components for spnego principal
Date Wed, 15 Oct 2014 00:51:17 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26719/#review56623
-----------------------------------------------------------

Ship it!


Ship It!

- Yusaku Sako


On Oct. 15, 2014, 12:41 a.m., Jaimin Jetly wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26719/
> -----------------------------------------------------------
> 
> (Updated Oct. 15, 2014, 12:41 a.m.)
> 
> 
> Review request for Ambari, Srimanth Gunturi and Yusaku Sako.
> 
> 
> Bugs: AMBARI-7780
>     https://issues.apache.org/jira/browse/AMBARI-7780
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The problem will occur when there are two different keytabs containing same principal
on a host. In this scenario only one principal will be considered to be valid if a principal
is added to keytab in a specif way using --rankey option. (The reason is due to different
kvno of the principal in both keytabs while using --randkey option to add principal to keytab)
> For example if Namenode host and Storm UI Server are co-hosted. 
> spnego.service.keytab will have principal HTTP/hostname@EXAMPLE.COM which will be used
by NameNode web UI.
> Storm UI daemon will also try to authenticate with the same principal but from a different
keytab path and with different kvno.
> In this scenario the keytab that was created last with the principal will hold valid
principal and the other daemon will fail to authenticate with kerberos authentication error.
> 
> 
> Diffs
> -----
> 
>   ambari-web/app/data/HDP2/secure_properties.js 10d1a41 
> 
> Diff: https://reviews.apache.org/r/26719/diff/
> 
> 
> Testing
> -------
> 
> tested e2e by securing a cluster
> 
> 
> Thanks,
> 
> Jaimin Jetly
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message