[BIGTOP-530] [puppet] We currently xst the HTTP principal multiple times, each time invalidating the previous one - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 0.4.0
Fix Version/s: 0.4.0
Component/s: deployment
Labels:
None

Description

The HTTP principal is required for SPNEGO, so we now generate it and then include it in all of the service keytabs. Unfortunately, we add it to these keytabs using kadmin's xst command, which generates a new set of credentials for the HTTP principal and invalidates the old ones. A more correct approach would be to export the credential once and then inject it into the service keytabs using ktutil (though that doesn't change the fact that the way we get the service keytabs onto the hadoop nodes is insecure). Attaching a patch that implements this approach.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

patch.txt
13/Apr/12 22:29
5 kB
Patrick Taylor Ramsey

Activity

People

Assignee:: Patrick Taylor Ramsey

Reporter:: Patrick Taylor Ramsey

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 13/Apr/12 22:19

Updated:: 21/Jun/13 23:55

Resolved:: 17/Apr/12 00:45