ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (AMBARI-19430) Use common property for principal name prefix to help with customization of unique principal names
Date Mon, 09 Jan 2017 20:57:58 GMT

     [ https://issues.apache.org/jira/browse/AMBARI-19430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Levas reassigned AMBARI-19430:
-------------------------------------

    Assignee: Robert Levas

> Use common property for principal name prefix to help with customization of unique principal
names
> --------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-19430
>                 URL: https://issues.apache.org/jira/browse/AMBARI-19430
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos, kerberos_descriptor
>
> Use common property for principal name prefix to help with customization of unique principal
names.  
> All _headless_ Kerberos identities have a non-unique principal name (across clusters).
To help this issue, the cluster name is appended to these principal names by adding "-$\{cluster-name|toLower()\}"
after the principal name component. If the user wants to change this convention, they will
need to find all _headless_ principals and make the change. On top of that, when adding new
components, they will need to remember to make the change to new _headless_ principal names.

> A better solution is to provide a _global_ property named "principal_suffix" and use
that in each _headless_ principal name. By default the value for this property will be
> {code}
> principal_suffix="-${cluster_name|toLower()}"
> {code}
> If the user would like not use a prefix (in the event there is only a single cluster
connecting to the KDC), the value can be changed to
> {code}
> principal_suffix=""
> {code}
> Finally if the user would like to use some other randomizer, they can set the value to
something else. For example
> {code}
> principal_suffix="_12345"
> {code}
> The property is set in the Kerberos descriptor's "properties" block.   For example:
> {code}
> {
>   "properties": {
>     "realm": "${kerberos-env/realm}",
>     ...,
>     "principal_suffix": "${cluster_name|toLower()}"
>   },
>   "identities": [
>     ..., 
>     {
>       "name": "smokeuser",
>       "principal": {
>         "value": "${cluster-env/smokeuser}-${principal_suffix}@${realm}",
>         "type": "user",
>         "configuration": "cluster-env/smokeuser_principal_name",
>         "local_username": "${cluster-env/smokeuser}"
>       },
>       ...
>     }
>   ],
>   "services": [
>     {
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message