ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas (JIRA)" <>
Subject [jira] [Commented] (AMBARI-22293) Improve KDC integration
Date Wed, 08 Nov 2017 00:22:00 GMT


Robert Levas commented on AMBARI-22293:


The tests run fine for me.  
[INFO] -------------------------------------------------------
[INFO] -------------------------------------------------------
[INFO] Running org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest
[INFO] Running org.apache.ambari.server.serveraction.kerberos.MITKerberosOperationHandlerTest
[INFO] Running org.apache.ambari.server.serveraction.kerberos.IPAKerberosOperationHandlerTest
[INFO] Tests run: 21, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.623 s - in org.apache.ambari.server.serveraction.kerberos.IPAKerberosOperationHandlerTest
[WARNING] Tests run: 34, Failures: 0, Errors: 0, Skipped: 1, Time elapsed: 2.168 s - in org.apache.ambari.server.serveraction.kerberos.ADKerberosOperationHandlerTest
[INFO] Tests run: 26, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.597 s - in org.apache.ambari.server.serveraction.kerberos.MITKerberosOperationHandlerTest
[INFO] Results:
[WARNING] Tests run: 81, Failures: 0, Errors: 0, Skipped: 1

Can you rerun and post the error(s) you get?

> Improve KDC integration
> -----------------------
>                 Key: AMBARI-22293
>                 URL:
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 3.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos
>             Fix For: 3.0.0
>         Attachments: AMBARI-22293_trunk_01.patch, AMBARI-22293_trunk_02.patch
> Improve KDC integration by making the interfaces more consistent with each other.
> *Notes:*
> * When using the MIT KDC or IPA options, the {{kerberos-env/admin_server_host}} value
*must be the fully qualified domain name* (FQDN) of the host were the KDC administrator service
> * When connecting to the MIT KDC and IPA server, a username a password is not used to
authenticate using the kadmin utility.  A Kerberos ticket is first acquired and that is used
for authentication.
> * When creating Kerberos identities using the MIT KDC and IPA handlers, the Ambari-generated
password is not used.  All password's for principals in the MIT KDC and IP server are generated
randomly by the KDC.
> * Removed {{kerberos-env/set_password_expiry}} and {{kerberos-env/password_chat_timeout}}
properties since they are no longer needed
> * Changed {{kerberos-env/groups}} to {{kerberos-env/ipa_user_groups}} to be more explicit
in how the property is used.
> * The setPassword implementation for the MIT KDC and IPA handlers do nothing except check
to see if the relevant principal exists. This is to maintain backward compatibility with previous

This message was sent by Atlassian JIRA

View raw message