[AMBARI-20586] Add (optional) master_kdcs to kerberos-env and generated krb5.conf file - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.0, 2.5.1
Component/s: None
Labels:
None

Description

Add (optional) master_kdcs to kerberos-env and generated krb5.conf file. If kerberos-env/master_kdcs is not empty, it should contain a list of IP addresses or FQDNs for one or more KDCs. Multiple entries should be comma-delimited.

According to https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html:

master_kdc

Identifies the master KDC(s). Currently, this tag is used in only one case: If an attempt to get credentials fails because of an invalid password, the client software will attempt to contact the master KDC, in case the user’s password has just been changed, and the updated database has not been propagated to the slave servers yet.

This should help with scenarios where multiple KDCs are in a master/slave (or replicated) configuration.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-20586-Master-kdc_trunk_v4.patch
30/Mar/17 19:08
17 kB
Balázs Bence Sári

Issue Links

links to

review board

Activity

People

Assignee:: Balázs Bence Sári

Reporter:: Balázs Bence Sári

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 27/Mar/17 14:46

Updated:: 16/Feb/18 13:13

Resolved:: 31/Mar/17 18:01