ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Tucker (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-14001) Encryption Types ineffective by default.
Date Fri, 20 Nov 2015 19:47:10 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-14001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018643#comment-15018643
] 

David Tucker commented on AMBARI-14001:
---------------------------------------

Relevant section of the conf file (see bottom):
```
[libdefaults]
  renew_lifetime = 7d
  forwardable = true
  default_realm = {{realm}}
  ticket_lifetime = 24h
  dns_lookup_realm = false
  dns_lookup_kdc = false
  #default_tgs_enctypes = {{encryption_types}}
  #default_tkt_enctypes = {{encryption_types}}
```

> Encryption Types ineffective by default.
> ----------------------------------------
>
>                 Key: AMBARI-14001
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14001
>             Project: Ambari
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.1.0
>         Environment: HDP 2.3, 1 master, 5 slaves
>            Reporter: David Tucker
>
> While enabling Kerberos (in the Configure Kerberos tab, on the Advanced kerberos-env
menu), Encryption Types may be specified. Unfortunately, this setting has no effect unless
the corresponding values (default_tgs_enctypes and default_tkt_enctypes) are uncommented from
the krb5.conf file. If you forget this step, you cannot edit the conf file directly because
Ambari will overwrite your changes. Kerberos must be disabled in Ambari and re-enabled with
the appropriate key-value pairs uncommented.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message