ambari-issues mailing list archives

From "Robert Levas (JIRA)" <>
Subject [jira] [Commented] (AMBARI-19079) The kerberos -kt should be free configuration
Date Mon, 06 Mar 2017 14:27:32 GMT


Robert Levas commented on AMBARI-19079:


What is the OS being run on the IBM PPC platform?  Is it IBM LinuxONE?

bq. HDP must provide versions that support PPC machine, in other words, HDP needs repack within
JDK environment on PPC machine;

HDP does not package a JVM.  It is a set of binaries that get installed expecting certain
requirements to be met - one of which is a compatible JVM being installed.

bq. Several configurations of service components need to be edited, such as HBase, Metrics.
For example, kind of com.sun needs to be edited as

Wow.. this seems to be an issue.  Can you use OpenJDK instead?

bq.  Kinit's path in Ambari needs to be set as configurable, because IBM JDK contains self-matching
Kinit, applying Kinit of Kerberos will cause conflict. However, for x86 PC, it is fine to keep
using Kinit under Kerberos path.

The paths to kinit and the other Kerberos command line utilities are configurable.  Just the
options passed to them are not.  I think your issue is becoming a bit more clear to me and
maybe we should provide a way to customize calls to the Kerberos utilities - kinit, klist,
kadmin.  However it will take some work to determine the best way to do this.

Can you provide _help_/_usage_ info for kinit, klist, and kadmin?  For example:

Usage: kinit [-V] [-l lifetime] [-s start_time]
	[-r renewable_life] [-f | -F] [-p | -P] -n [-a | -A] [-C]
	[-v] [-R] [-k [-t keytab_file]] [-c cachename]
	[-S service_name] [-T ticket_armor_cache]
	[-X <attribute>[=<value>]] [principal]

    options:	-V verbose
	-l lifetime
	-s start time
	-r renewable lifetime
	-f forwardable
	-F not forwardable
	-p proxiable
	-P not proxiable
	-n anonymous
	-a include addresses
	-A do not include addresses
	-v validate
	-R renew
	-C canonicalize
	-E client is enterprise principal name
	-k use keytab
	-t filename of keytab to use
	-c Kerberos 5 cache name
	-S service
	-T armor credential cache
	-X <attribute>[=<value>]

> The kerberos -kt should be free configuration
> ---------------------------------------------
>                 Key: AMBARI-19079
>                 URL:
>             Project: Ambari
>          Issue Type: Improvement
>            Reporter: wangyaoxin
>            Assignee: wangyaoxin
>             Fix For: trunk
> If JDK is not SUN, such as IBM JDK, then must initialize it with JDK tool Kinit ({jdk_home}/jre/bin/kinit
> -A -k -t); therefore I sense it would be better to add two configuration items in kerberos-env
> for kt and java type, for example, cmd_type and java_type.
