Return-Path: 
 <dev-return-95932-apmail-ambari-dev-archive=ambari.apache.org@ambari.apache.org>
X-Original-To: apmail-ambari-dev-archive@www.apache.org
Delivered-To: apmail-ambari-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 385731831C
	for <apmail-ambari-dev-archive@www.apache.org>;
 Fri, 20 Nov 2015 19:47:11 +0000 (UTC)
Received: (qmail 16021 invoked by uid 500); 20 Nov 2015 19:47:11 -0000
Delivered-To: apmail-ambari-dev-archive@ambari.apache.org
Received: (qmail 15992 invoked by uid 500); 20 Nov 2015 19:47:11 -0000
Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@ambari.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@ambari.apache.org>
List-Post: <mailto:dev@ambari.apache.org>
List-Id: <dev.ambari.apache.org>
Reply-To: dev@ambari.apache.org
Delivered-To: mailing list dev@ambari.apache.org
Received: (qmail 15973 invoked by uid 99); 20 Nov 2015 19:47:11 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Nov 2015 19:47:11 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id E3CBB2C14FB
	for <dev@ambari.apache.org>; Fri, 20 Nov 2015 19:47:10 +0000 (UTC)
Date: Fri, 20 Nov 2015 19:47:10 +0000 (UTC)
From: "David Tucker (JIRA)" <jira@apache.org>
To: dev@ambari.apache.org
Message-ID: <JIRA.12914962.1448048731000.140915.1448048830929@Atlassian.JIRA>
In-Reply-To: <JIRA.12914962.1448048731000@Atlassian.JIRA>
References: <JIRA.12914962.1448048731000@Atlassian.JIRA>
 <JIRA.12914962.1448048731153@arcas>
Subject: [jira] [Commented] (AMBARI-14001) Encryption Types ineffective by
 default.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/AMBARI-14001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018643#comment-15018643 ] 

David Tucker commented on AMBARI-14001:
---------------------------------------

Relevant section of the conf file (see bottom):
```
[libdefaults]
  renew_lifetime = 7d
  forwardable = true
  default_realm = {{realm}}
  ticket_lifetime = 24h
  dns_lookup_realm = false
  dns_lookup_kdc = false
  #default_tgs_enctypes = {{encryption_types}}
  #default_tkt_enctypes = {{encryption_types}}
```

> Encryption Types ineffective by default.
> ----------------------------------------
>
>                 Key: AMBARI-14001
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14001
>             Project: Ambari
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.1.0
>         Environment: HDP 2.3, 1 master, 5 slaves
>            Reporter: David Tucker
>
> While enabling Kerberos (in the Configure Kerberos tab, on the Advanced kerberos-env menu), Encryption Types may be specified. Unfortunately, this setting has no effect unless the corresponding values (default_tgs_enctypes and default_tkt_enctypes) are uncommented from the krb5.conf file. If you forget this step, you cannot edit the conf file directly because Ambari will overwrite your changes. Kerberos must be disabled in Ambari and re-enabled with the appropriate key-value pairs uncommented.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)