ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Denys Buzhor (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-6432) FreeIPA Support in Ambari
Date Wed, 02 Mar 2016 16:35:18 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15175898#comment-15175898
] 

Denys Buzhor commented on AMBARI-6432:
--------------------------------------

In case of *Kerberos Wizard* you can set desired values in *ambari-web/app/controllers/main/admin/kerberos/step2_controller.js*
inside *filterConfigs* method then these properties will be displayed unchecked. But on transition
to the next step (step3) values for these properties will be handled by *tweakIpaKdcProperties*
method which will set values to _false_ and then will send request to save configurations,
so they will be always stored as _false_.

Same flow for *Manual Kerberos* setup so there is no bug there. 

> FreeIPA Support in Ambari
> -------------------------
>
>                 Key: AMBARI-6432
>                 URL: https://issues.apache.org/jira/browse/AMBARI-6432
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: trunk
>            Reporter: jay vyas
>             Fix For: 2.4.0
>
>         Attachments: AMBARI-6432-FreeIPA.patch, AMBARI-6432.trunk.v1.patch, AMBARI-6432.trunk.v2.patch,
AMBARI-6432.trunk.v3.patch, AMBARI-6432.trunk.v4.patch, ipa-patch-v0.5.patch
>
>
> FreeIPA Is a powerful tool for unifying identity, kerberos credentials, across a cluster.
> A great value add for ambari would be to provide support for using FreeIPA to kerberize
services.  This would allow for 
> 1) better HCFS interoperability, because first class GID/UID is critical for certain
file systems (GlusterFS, Lustre, and any other file system which uses kernel / FUSE apis for
determining identity)
> 2) better enterprise interoperability.  Because of the fact that FreeIPA makes it easy
to interop with different identity solutions (like active directory), it would make ambari
easier to adopt for various enterprises.
> 3) broadens ambaris scope.  Now ambari could also allow people to setup the users of
their clusters, and at least some of the security features of their clusters, all from one
interface (no more manual handling of TGTs and such - it could all be done quite easily via
the ambari UI which could make calls to underlying FreeIPA clients).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message