You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/01/19 05:57:34 UTC

[jira] [Commented] (AMBARI-9170) Principal creation for Active Directory accounts should be configurable

    [ https://issues.apache.org/jira/browse/AMBARI-9170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14282136#comment-14282136 ] 

Hadoop QA commented on AMBARI-9170:
-----------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12693005/AMBARI-9170_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 8 new or modified test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:red}-1 core tests{color}.  The test build failed in ambari-server 

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/1376//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/1376//console

This message is automatically generated.

> Principal creation for Active Directory accounts should be configurable
> -----------------------------------------------------------------------
>
>                 Key: AMBARI-9170
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9170
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: active_directory, kerberos
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9170_01.patch
>
>
> The properties used to create accounts in an Active Directory, related to principal creation, should be configurable such that a user may specify the required fields and their values (with variable replacement).
> This may be done using a simple structure like XML or JSON, however a template facility (like Jinja2) may be more useful since conditional paths may be built in.  The template should be stored in the {{kerberos-env}} configuration.
> An example of a need for a conditional path in a template is related to _service_ accounts vs _user_ accounts.  A _service_ account (such as nn/\_HOST@REALM) should have the {{servicePrincipalName}} field set to the service's principal, where this value shouldn't be set for a _user_ account (such as hdfs@REALM).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)