Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.1.0
Description
In many situations with large-scale Active Directory deployments, the krb5.conf is managed outside of Ambari. This krb5.conf file is configured with all of the DC's in the AD domain, and the outbound requests to the KDC from clients are load balanced across those servers. In many scenarios the user replication latency causes issues with users not found during the test process. Due to the fact that we generate a new user every time we test, this can get users to a circular situation in which they can never leave this state because of multi-KDC's in their krb5.conf and delay associated with replication.
1) Expose the option to set the test kerberos client principal name (under Advanced kerberos-env)
2) Default the value to something unique, but less than 20 characters
${cluster_name}-${short_date}
Attachments
Attachments
Issue Links
- links to
