ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-9170) Principal creation for Active Directory accounts should be configurable
Date Fri, 16 Jan 2015 10:59:34 GMT
Robert Levas created AMBARI-9170:
------------------------------------

             Summary: Principal creation for Active Directory accounts should be configurable
                 Key: AMBARI-9170
                 URL: https://issues.apache.org/jira/browse/AMBARI-9170
             Project: Ambari
          Issue Type: Improvement
          Components: ambari-server
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.0.0


The properties used to create accounts in an Active Directory, related to principal creation,
should be configurable such that a user may specify the required fields and their values (with
variable replacement).

This may be done using a simple structure like XML or JSON, however a template facility (like
Jinja2) may be more useful since conditional paths may be built in.  The template should be
stored in the {{kerberos-env}} configuration.

An example of a need for a conditional path in a template is related to _service_ accounts
vs _user_ accounts.  A _service_ account (such as nn/\_HOST@REALM) should have the {{servicePrincipalName}}
field set to the service's principal, where this value shouldn't be set for a _user_ account
(such as hdfs@REALM).




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message