You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/10/08 11:34:00 UTC

[jira] [Updated] (AMBARI-22138) When regenerating keytab files for a service, non-service-specific principals are affected

     [ https://issues.apache.org/jira/browse/AMBARI-22138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-22138:
----------------------------------
    Attachment: AMBARI-22138_trunk_01.patch

> When regenerating keytab files for a service, non-service-specific principals are affected
> ------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-22138
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22138
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.6.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos
>             Fix For: 3.0.0
>
>         Attachments: AMBARI-22138_trunk_01.patch
>
>
> When regenerating keytab files for a service, non-service-specific principals are affected. For example, when regenerating the keytab files for HDFS using the following ReST API call:
> {code:title=PUT /api/v1/clusters/c1?regenerate_keytabs=all&regenerate_components=HDFS}
> {
>   "Clusters": {
>     "security_type": "KERBEROS"
>   }
> }
> {code}
> The following principals are affected:
> * HTTP/c6402.ambari.apache.org@EXAMPLE.COM
> * ambari-qa-c1@EXAMPLE.COM
> * nn/c6402.ambari.apache.org@EXAMPLE.COM
> * hdfs-c1@EXAMPLE.COM
> * HTTP/c6403.ambari.apache.org@EXAMPLE.COM
> * dn/c6403.ambari.apache.org@EXAMPLE.COM
> * HTTP/c6401.ambari.apache.org@EXAMPLE.COM
> * nn/c6401.ambari.apache.org@EXAMPLE.COM
> * ambari-server-c1@EXAMPLE.COM
> However only the following principals *should be*  affected:
> * nn/c6402.ambari.apache.org@EXAMPLE.COM
> * hdfs-c1@EXAMPLE.COM
> * dn/c6403.ambari.apache.org@EXAMPLE.COM
> * nn/c6401.ambari.apache.org@EXAMPLE.COM



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)