Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-24528

Kerberos "Additional Realms" should not require keytab re-generation and cluster restart

    XMLWordPrintableJSON

Details

    Description

      "Admin -> Kerberos -> Additonal Realms"

      • Currently requires keytab re-generation which in turn requires restarting the cluster. But it is completely unrelated to keytabs.

      Fix:

      • Move "Additional Realms" to the "Kerberos" service configs where it belongs, along with the "auth_to_local" setting which is what it is used for.
      • When it is changed:
        • No keytab re-generation is then required.
        • Instead of silently altering "auth_to_local" rules, they should come up as "Recommendations".

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. AMBARI-13060 Kerberos: Allow user to specify additional realms for auth-to-local rules

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              rlevas Robert Levas
              seano Sean Roberts
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: