incubator-bigtop-dev mailing list archives

From "Patrick Taylor Ramsey (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (BIGTOP-530) [puppet] We currently xst the HTTP principal multiple times, each time invalidating the previous one
Date Fri, 13 Apr 2012 22:31:17 GMT

     [ https://issues.apache.org/jira/browse/BIGTOP-530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Patrick Taylor Ramsey updated BIGTOP-530:
-----------------------------------------

          Component/s: Deployment
    Affects Version/s: 0.4.0
             Assignee: Patrick Taylor Ramsey
    
> [puppet] We currently xst the HTTP principal multiple times, each time invalidating the previous one
> ----------------------------------------------------------------------------------------------------
>
>                 Key: BIGTOP-530
>                 URL: https://issues.apache.org/jira/browse/BIGTOP-530
>             Project: Bigtop
>          Issue Type: Bug
>          Components: Deployment
>    Affects Versions: 0.4.0
>            Reporter: Patrick Taylor Ramsey
>            Assignee: Patrick Taylor Ramsey
>            Priority: Minor
>         Attachments: patch.txt
>
>
> The HTTP principal is required for SPNEGO, so we now generate it and then include it
> in all of the service keytabs.  Unfortunately, we add it to these keytabs using kadmin's xst
> command, which generates a new set of credentials for the HTTP principal and invalidates the
> old ones.  A more correct approach would be to export the credential once and then inject
> it into the service keytabs using ktutil (though that doesn't change the fact that the way
> we get the service keytabs onto the hadoop nodes is insecure).  Attaching a patch that implements
> this approach.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
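
The symptom and the fix described in the issue above, as an added example that is not part of the original message or of the attached patch: one function flags keytabs that hold an outdated HTTP key by comparing KVNOs in `klist -k` output, the other emits the ktutil commands that merge a once-exported HTTP keytab into a service keytab. The function names, file paths, realm and sample klist output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths, realm and klist output below are constructed.

# Emit ktutil commands that copy an already-exported HTTP keytab and a service
# keytab into a NEW file. No kadmin call is made, so no key is re-randomized.
# wkt appends to an existing file, so $3 should not exist yet.
# Usage: ktutil_merge_cmds http.keytab svc.keytab merged.keytab | ktutil
ktutil_merge_cmds() {
    printf 'rkt %s\nrkt %s\nwkt %s\nquit\n' "$1" "$2" "$3"
}

# Read concatenated `klist -k` output on stdin; print each keytab whose HTTP/
# entry has a lower KVNO than the newest one seen for the same principal.
stale_http_keytabs() {
    awk '
        /^Keytab name:/ { kt = $3; sub(/^FILE:/, "", kt); next }
        $1 ~ /^[0-9]+$/ && $2 ~ /^HTTP\// {
            k = kt SUBSEP $2
            if (!(k in seen) || $1 + 0 > seen[k]) seen[k] = $1 + 0
            if ($1 + 0 > max[$2]) max[$2] = $1 + 0
        }
        END {
            for (k in seen) {
                split(k, p, SUBSEP)
                if (seen[k] < max[p[2]]) print p[1]
            }
        }
    ' | sort
}

# Constructed sample: HTTP was exported with xst twice, once per service keytab.
sample_klist() {
    cat <<'EOF'
Keytab name: FILE:/tmp/demo/hdfs.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 hdfs/node1.example.com@EXAMPLE.COM
   2 HTTP/node1.example.com@EXAMPLE.COM
Keytab name: FILE:/tmp/demo/mapred.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 mapred/node1.example.com@EXAMPLE.COM
   3 HTTP/node1.example.com@EXAMPLE.COM
EOF
}

sample_klist | stale_http_keytabs   # prints /tmp/demo/hdfs.keytab
```

On a real host, feed `stale_http_keytabs` the output of `klist -k` run over each deployed service keytab; any path it prints holds an HTTP key that a later xst has superseded.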
