Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 975D7200C69 for ; Sat, 6 May 2017 20:27:08 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 95E4F160B9F; Sat, 6 May 2017 18:27:08 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id DD14B160BAD for ; Sat, 6 May 2017 20:27:07 +0200 (CEST) Received: (qmail 5549 invoked by uid 500); 6 May 2017 18:27:07 -0000 Mailing-List: contact issues-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list issues@ambari.apache.org Received: (qmail 5411 invoked by uid 99); 6 May 2017 18:27:06 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 06 May 2017 18:27:06 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id B75271A075E for ; Sat, 6 May 2017 18:27:05 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id t3BYmZkBroZu for ; Sat, 6 May 2017 18:27:05 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id D0C5B5F36B for ; Sat, 6 May 2017 18:27:04 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 64875E08BB for ; Sat, 6 May 2017 18:27:04 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 15C4721DEC for ; Sat, 6 May 2017 18:27:04 +0000 (UTC) Date: Sat, 6 May 2017 18:27:04 +0000 (UTC) From: "Eric Yang (JIRA)" To: issues@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (AMBARI-20948) FreeIPA managed HTTP principals are removed by Ambari forcefully MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Sat, 06 May 2017 18:27:08 -0000 Eric Yang created AMBARI-20948: ---------------------------------- Summary: FreeIPA managed HTTP principals are removed by Ambari forcefully Key: AMBARI-20948 URL: https://issues.apache.org/jira/browse/AMBARI-20948 Project: Ambari Issue Type: Bug Reporter: Eric Yang When system administrator use FreeIPA to manage SSL certificates, FreeIPA also generates SPNEGO HTTP principals for each of the described subject alternate names. This can automatically help to renew SSL certificate and SPNEGO HTTP principals on expiration date. Ambari will try to forcefully remove any HTTP principals generated for Ambari agent nodes. This breaks FreeIPA managed SSL certificate and Kerberos HTTP principals. It would be nice to preserve and use FreeIPA generated SSL certificate and SPNEGO principals with automated-renewal process -- This message was sent by Atlassian JIRA (v6.3.15#6346)