You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Balázs Bence Sári (JIRA)" <ji...@apache.org> on 2017/03/27 14:47:41 UTC

[jira] [Assigned] (AMBARI-20586) Add (optional) master_kdcs to kerberos-env and generated krb5.conf file

     [ https://issues.apache.org/jira/browse/AMBARI-20586?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Balázs Bence Sári reassigned AMBARI-20586:
------------------------------------------

    Assignee: Balázs Bence Sári

> Add (optional) master_kdcs to kerberos-env and generated krb5.conf file
> -----------------------------------------------------------------------
>
>                 Key: AMBARI-20586
>                 URL: https://issues.apache.org/jira/browse/AMBARI-20586
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Balázs Bence Sári
>            Assignee: Balázs Bence Sári
>
> Add (optional) {{master_kdcs}} to {{kerberos-env}} and generated krb5.conf file. If {{kerberos-env/master_kdcs}} is not empty, it should contain a list of IP addresses or FQDNs for one or more KDCs. Multiple entries should be comma-delimited.
> According to https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html:
> {quote} 
> master_kdc
> Identifies the master KDC(s). Currently, this tag is used in only one case: If an attempt to get credentials fails because of an invalid password, the client software will attempt to contact the master KDC, in case the user’s password has just been changed, and the updated database has not been propagated to the slave servers yet.
> {quote}
> This should help with scenarios where multiple KDCs are in a master/slave (or replicated) configuration. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)