ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <>
Subject [jira] [Updated] (AMBARI-11590) Kerberos: provide option to set test account name
Date Tue, 02 Jun 2015 02:53:17 GMT


Robert Levas updated AMBARI-11590:
    Attachment: AMBARI-11590_01.patch

> Kerberos: provide option to set test account name
> -------------------------------------------------
>                 Key: AMBARI-11590
>                 URL:
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos
>             Fix For: 2.1.0
>         Attachments: AMBARI-11590_01.patch
> In many situations with large-scale Active Directory deployments, the krb5.conf is managed
outside of Ambari.  This krb5.conf file is configured with all of the DC's in the AD domain,
and the outbound requests to the KDC from clients are load balanced across those servers.
 In many scenarios the user replication latency causes issues with users not found during
the test process.  Due to the fact that we generate a new user every time we test, this can
get users to a circular situation in which they can never leave this state because of multi-KDC's
in their krb5.conf and delay associated with replication.
> 1) Expose the option to set the test kerberos client principal name (under Advanced kerberos-env)
> 2) Default the value to something unique, but less than 20 characters {code}
> ${cluster_name}-${short_date}
> {code}

This message was sent by Atlassian JIRA

View raw message