[AMBARI-9170] Principal creation for Active Directory accounts should be configurable - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: ambari-server
Labels:
- active_directory
- kerberos

Epic Link:
Ambari Automated Kerberization

Description

The properties used to create accounts in an Active Directory, related to principal creation, should be configurable such that a user may specify the required fields and their values (with variable replacement).

This may be done using a simple structure like XML or JSON, however a template facility (like Jinja2) may be more useful since conditional paths may be built in. The template should be stored in the kerberos-env configuration.

An example of a need for a conditional path in a template is related to service accounts vs user accounts. A service account (such as nn/_HOST@REALM) should have the servicePrincipalName field set to the service's principal, where this value shouldn't be set for a user account (such as hdfs@REALM).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-9170_01.patch
19/Jan/15 03:49
73 kB
Robert Levas
AMBARI-9170_02.patch
19/Jan/15 11:34
75 kB
Robert Levas
AMBARI-9170_03.patch
19/Jan/15 17:23
76 kB
Robert Levas

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Jan/15 10:58

Updated:: 19/Jan/15 21:45

Resolved:: 19/Jan/15 20:04