ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Beerbower" <tbeerbo...@hortonworks.com>
Subject Re: Review Request 33952: Ambari uses users' interactive ticket cache
Date Thu, 07 May 2015 21:07:11 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33952/#review82909
-----------------------------------------------------------

Ship it!


Ship It!

- Tom Beerbower


On May 7, 2015, 6:48 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33952/
> -----------------------------------------------------------
> 
> (Updated May 7, 2015, 6:48 p.m.)
> 
> 
> Review request for Ambari, Erik Bergenholtz, Sid Wagle, and Tom Beerbower.
> 
> 
> Bugs: AMBARI-11001
>     https://issues.apache.org/jira/browse/AMBARI-11001
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> It appears that it is necessary to kinit prior to starting ambari-server, even after
ambari-server setup-security (#3). It seems that this should be automatically handled by Ambari.

> 
> Ambari-server should NOT use the same ticket cache as the interactive user. 
> 
> STR:
> 1. kinit
> 2. ambari-server start
> 3. verify that ambari-server can authenticate with ticket specified in #1
> 4. kdestroy
> 5. try to authenticate through Ambari again (it will not work)
> 
> #Solution#
> Ensure JAAS Login works properly such that the Kerberos tickets for the account that
executes Ambari is not relevant.
> 
> 
> Diffs
> -----
> 
>   ambari-server/conf/unix/krb5JAASLogin.conf b667081 
>   ambari-server/conf/windows/krb5JAASLogin.conf 2db9959 
> 
> Diff: https://reviews.apache.org/r/33952/diff/
> 
> 
> Testing
> -------
> 
> Manually tested using the Ambari File View to ensure Kerberos authentication was perfromed
via JAAS internal to Ambari and not relying on interactive user ticket cache
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message