[AMBARI-11360] Kerberos FE: during disable, need option skip if unable to access KDC to remove principals - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.0.0, 2.1.0
Fix Version/s: 2.1.0
Component/s: ambari-web
Labels:
- kerberos
- kerberos-wizard

Description

Attempted to disable kerb, fails on step to unkerberize because KDC admin is locked out.

Click retry, can't make it past that.

Need option to skip and finish "disable kerberos" even if Ambari cannot get the principals cleaned up (i.e. cannot access the KDC) Losing access to the KDC and attempting to disable where ambari can't clean-up the principals should be a skip'able step. User should still be able to get to a clean, not-enabled-kerberos-ambari-state w/o accessing the KDC.

Solution
Based on user input, execute API call to disable Kerberos with the manage_kerberos_identities directive set to false. Example:

PUT /api/v1/clusters/c1?manage_kerberos_identities=false

{
  "Clusters": {
    "security_type" : "NONE"
  }
}

Attachments

AMBARI-11360_01.patch
23/May/15 11:34
4 kB
Robert Levas
AMBARI-11360_02.patch
25/May/15 22:02
4 kB
Robert Levas

Issue Links

Add Link

links to

ReviewBoard

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/May/15 11:29

Updated:: 27/May/15 01:45

Resolved:: 26/May/15 23:22

Agile

View on Board

Kerberos FE: during disable, need option skip if unable to access KDC to remove principals

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment