Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
2.4.0
-
None
Description
Since users would have manually set up the Ambari principal after enabling Kerberos using ambari-server setup-security option #3 ("Setup Ambari kerberos JAAS configuration") in Ambari versions before 2.4.0, there is no need to configure Ambari to automatically manage its principals after an upgrade to version 2.4.0 and above.
Therefore, upon upgrade to Ambari 2.4.0 or above, the upgrade process (in UpgradeCatalog240) should ensure that "kerberos-env/create_ambari_principal}} is set to "false". By default this value will be set to "true" after org.apache.ambari.server.upgrade.AbstractUpgradeCatalog#addNewConfigurationsFromXml is executed.
Note: This may have an effect on Ambari versions 2.4.2 and above if Kerberos authentication is enabled and the SPNEGO (HTTP/_HOST) principal and keytab file is already created and installed.
Attachments
Attachments
Issue Links
- links to