ambari-issues mailing list archives

From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMBARI-13240) Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos
Date Tue, 05 Apr 2016 17:47:25 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-13240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-13240:
----------------------------------
    Description: 
Because multiple KDCs may exist for an installation (failover, high availability, etc...),
Ambari should allow a user to specify multiple KDC hosts to be set while enabling Kerberos
and updating the Kerberos service's configuration.

This should be done by adding a property to {{kerberos-env}}, named {{additional_kdc_hosts}},
to accept a comma-delimited list of hosts. If set, the list of hosts is to be split where
each {{additional_kdc_hosts}} item generates an entry in the relevant realm block in the {{krb5.conf}}
file.  For example:

{noformat:title=kerberos-env}
{
  ...
 "kdc_host" : "kdc.example.com",
 "additional_kdc_hosts" : "kdc1.example.com, kdc2.example.com"
  ...
}
{noformat}

{noformat:title=krb5.conf}
[realms]
  EXAMPLE.COM = {
    ...
    kdc = kdc.example.com
    kdc = kdc1.example.com
    kdc = kdc2.example.com
    ...
  }
{noformat}

Note: the reason that {{additional_kdc_hosts}} is added rather than changing {{kdc_host}}
to {{kdc_hosts}} is to maintain backward compatibility.

  was:
Because multiple KDCs may exist for an installation (failover, high availability, etc...),
Ambari should allow a user to specify multiple KDC hosts to be set while enabling Kerberos
and updating the Kerberos service's configuration.

This should be done by allowing {{kerberos-env/kdc_host}} to accept a (comma-)delimited list
of hosts and then parsing that list properly when building the krb5.conf file where each {{kdc_host}}
item generates an entry in the relevant realm block.  For example:

{noformat:title=kerberos-env}
{
  ...
 "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
  ...
}
{noformat}

{noformat:title=krb5.conf}
[realms]
  EXAMPLE.COM = {
    ...
    kdc = kdc1.example.com
    kdc = kdc2.example.com
    ...
  }
{noformat}


> Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos
> --------------------------------------------------------------------
>
>                 Key: AMBARI-13240
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13240
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent, ambari-server, ambari-web
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Minor
>              Labels: kerberos
>             Fix For: 2.3.0
>
>
> Because multiple KDCs may exist for an installation (failover, high availability, etc...),
> Ambari should allow a user to specify multiple KDC hosts to be set while enabling Kerberos
> and updating the Kerberos service's configuration.
> This should be done by adding a property to {{kerberos-env}}, named {{additional_kdc_hosts}},
> to accept a comma-delimited list of hosts. If set, the list of hosts is to be split where
> each {{additional_kdc_hosts}} item generates an entry in the relevant realm block in the {{krb5.conf}}
> file.  For example:
> {noformat:title=kerberos-env}
> {
>   ...
>  "kdc_host" : "kdc.example.com",
>  "additional_kdc_hosts" : "kdc1.example.com, kdc2.example.com"
>   ...
> }
> {noformat}
> {noformat:title=krb5.conf}
> [realms]
>   EXAMPLE.COM = {
>     ...
>     kdc = kdc.example.com
>     kdc = kdc1.example.com
>     kdc = kdc2.example.com
>     ...
>   }
> {noformat}
> Note: the reason that {{additional_kdc_hosts}} is added rather than changing {{kdc_host}}
> to {{kdc_hosts}} is to maintain backward compatibility.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
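
The split-and-render step described in the issue, as an added example that is not Ambari's code or part of the original message. The function names, the hostname pattern and the reject-on-invalid policy are assumptions of this sketch; the realm name is assumed to be trusted. Each item is validated before it becomes a "kdc =" line, so a value containing a newline or brace cannot add its own directives to krb5.conf.

```python
import re

# Assumed policy for this example: a KDC entry is a DNS hostname with an
# optional :port; anything else is rejected rather than escaped.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*(?::\d{{1,5}})?")


def kdc_hosts(kerberos_env):
    """Return kdc_host followed by additional_kdc_hosts, validated, in order."""
    raw = [kerberos_env.get("kdc_host") or ""]
    # additional_kdc_hosts is optional, which keeps old configurations working
    raw += (kerberos_env.get("additional_kdc_hosts") or "").split(",")
    hosts, seen = [], set()
    for item in raw:
        host = item.strip()
        if not host:
            continue  # tolerate "a,,b", trailing commas and an unset property
        if not _HOST_RE.fullmatch(host):
            # Embedded newlines, braces or '=' would inject krb5.conf lines
            raise ValueError(f"invalid KDC host: {host!r}")
        if host.lower() not in seen:  # hostnames are case-insensitive
            seen.add(host.lower())
            hosts.append(host)
    if not hosts:
        raise ValueError("no KDC host configured")
    return hosts


def realm_block(realm, kerberos_env):
    """Render the realm block with one 'kdc =' entry per host."""
    lines = [f"  {realm} = {{"]
    lines += [f"    kdc = {h}" for h in kdc_hosts(kerberos_env)]
    lines.append("  }")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample input matching the kerberos-env example in the issue
    env = {
        "kdc_host": "kdc.example.com",
        "additional_kdc_hosts": "kdc1.example.com, kdc2.example.com",
    }
    print("[realms]")
    print(realm_block("EXAMPLE.COM", env))
```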
