[AMBARI-24528] Kerberos "Additional Realms" should not require keytab re-generation and cluster restart - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.5.0, 2.6.0
Fix Version/s: None
Component/s: ambari-admin, security
Labels:
- auth_to_local
- kerberos

Description

"Admin -> Kerberos -> Additonal Realms"

Currently requires keytab re-generation which in turn requires restarting the cluster. But it is completely unrelated to keytabs.

Fix:

Move "Additional Realms" to the "Kerberos" service configs where it belongs, along with the "auth_to_local" setting which is what it is used for.
When it is changed:
- No keytab re-generation is then required.
- Instead of silently altering "auth_to_local" rules, they should come up as "Recommendations".

Attachments

Issue Links

is caused by

AMBARI-13060 Kerberos: Allow user to specify additional realms for auth-to-local rules

Resolved

Activity

People

Assignee:: Robert Levas

Reporter:: Sean Roberts

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 23/Aug/18 12:41

Updated:: 24/Aug/18 11:51