ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-12093) Enable Security Wizard not honoring the unchecking of the "Manage Kerberos client krb5.conf" check box
Date Wed, 24 Jun 2015 17:55:04 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-12093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14599832#comment-14599832
] 

Robert Levas commented on AMBARI-12093:
---------------------------------------

[~zmarsh13],   I am confused how adding "“udp_preference_limit = 1" to the krb5.conf template
fixes the "Manage Kerberos client krb5.conf" checkbox issue.   

In any case, it appears that you are trying to get the Kerberos client to commnicate via UPD
rather than TCP and I beleive that the default settings for the MIT KDC on SLES is to listen
only on UDP.  Unless you have a need to use UDP only, I would suggest changing the KDC configuration
to listen on TCP ports as well.   This can be done by editting the kdc.conf file and adding
a "kdc_tcp_ports" value. See http://web.mit.edu/kerberos/krb5-1.13/doc/admin/conf_files/kdc_conf.html#kdcdefaults.



> Enable Security Wizard not honoring the unchecking of the "Manage Kerberos client krb5.conf"
check box
> ------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-12093
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12093
>             Project: Ambari
>          Issue Type: Bug
>         Environment: ambari-2.1.0-1213, hdp-2.3.0.0-2450, sles11sp3
>            Reporter: Zack Marsh
>            Assignee: Robert Levas
>            Priority: Blocker
>
> In Ambari's Enable Kerberos Wizard, in the step “Configure Kerberos” there is a check-box
under “Advanced krb-conf” for “Manage Kerberos client krb5.conf". We are generating
our own krb5.conf file in our Kerberos setup script,  therefore we have been deselecting this
check-box to prevent Ambari from overwriting our changes.
> In the last several builds of Ambari/HDP some users (using Chrome and Firefox) are finding
that Ambari is not honoring un-checking this option, and overwriting the krb4.conf file. This
is resulting in many failures starting services (Data Node and Journal Node) during the last
step of the Kerberos Wizard.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message