ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Created] (AMBARI-10478) Manually enable Kerberos security
Date Tue, 14 Apr 2015 18:42:12 GMT
Robert Levas created AMBARI-10478:
-------------------------------------

             Summary: Manually enable Kerberos security
                 Key: AMBARI-10478
                 URL: https://issues.apache.org/jira/browse/AMBARI-10478
             Project: Ambari
          Issue Type: Epic
          Components: alerts, ambari-agent, ambari-server
    Affects Versions: 2.1.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.1.0


Provide an option for users that want to enable Kerberos in the cluster via Ambari but do
not want any automation. With this option, ambari will not require any access to the KDC,
will not install kerberos clients, will not attempt to generate any principals or keytabs
and will not distribute any keytabs. Keytab regeneration will not be available, and when there
are changes to the cluster (add service, add/remove/change host), the user is responsible
for creating principals and making sure the appropriate keytabs are in place on the host for
proper cluster function (although Ambari should handle updating any configs).

Effectively, this above option provides a manual Kerberos option for users that are looking
to have the similar "hands-off" ambari kerberos experience of 1.7.0 or earlier.

On the Kerberos Wizard, provide an option (below Existing MIT KDC and Existing Active Directory):

[ ] Manage Kerberos principals and keytabs manually

Which will send the wizard thru a path that does not prompt for KDC information, or attempt
to install clients or create principals/keytabs. The user should have a chance to Configure
Identities as part of the wizard and the wizard will push the configs, performs restarts,
etc. Users should have an option to download a CSV of principals, keytabs, hosts, locations,
permissions, ownership.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message