ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <>
Subject [jira] [Created] (AMBARI-8899) Knox service components should indicate security state
Date Tue, 23 Dec 2014 21:18:13 GMT
Robert Levas created AMBARI-8899:

             Summary: Knox service components should indicate security state
                 Key: AMBARI-8899
             Project: Ambari
          Issue Type: Improvement
          Components: ambari-agent, stacks
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.0.0

The Knox service components should indicate security state when queried by Ambari Agent via
STATUS_COMMAND.  Each component should determine it's state as follows:

h3. Indicators
* Command JSON
** config\['configurations']\['cluster-env']\['security_enabled'] 
*** = “true”
* Configuration File: knox_conf_dir + '/krb5JAASLogin.conf'
** keyTab
*** not empty
*** path exists and is readable
*** required
** principal
*** not empty
*** required

h3. Pseudocode
if indicators imply security is on and validate
    if kinit(principal) succeeds
        state = SECURED_KERBEROS
        state = ERROR 
    state = UNSECURED

_*Note*_: Due to the _cost_ of calling {{kinit}} results should be cached for a period of
time before retrying.  This may be an issue depending on the frequency of the heartbeat timeout.
_*Note*_: {{kinit}} calls should specify a _temporary_ cache file which should be destroyed
after command is executed - BUG-29477

This message was sent by Atlassian JIRA

View raw message