Details
-
Bug
-
Status: Resolved
-
Blocker
-
Resolution: Fixed
-
2.0.0
Description
After enabling Kerberos, the root user has the spnego user set for it
[root@c6501 ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: HTTP/c6501.ambari.apache.org@EXAMPLE.COM Valid starting Expires Service principal 02/18/15 22:14:51 02/19/15 22:14:51 krbtgt/EXAMPLE.COM@EXAMPLE.COM renew until 02/18/15 22:14:51
It appears that the issue is related to the agent-side scheduler and/or some job that is scheduled to run periodically. Apparently some job is kinit-ing with the SPNEGO identity as the running user (root in this case) without changing the ticket cache. Thus whenever the job runs the root user's ticket cache gets changed to contain the SPNEGO identity's ticket.
Attachments
Attachments
Issue Links
- links to