You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/11/27 15:57:00 UTC
[jira] [Created] (AMBARI-24960) Remove warning about requirement
for IPA password policy without expiration in Ambari kerberos wizard
Sandor Molnar created AMBARI-24960:
--------------------------------------
Summary: Remove warning about requirement for IPA password policy without expiration in Ambari kerberos wizard
Key: AMBARI-24960
URL: https://issues.apache.org/jira/browse/AMBARI-24960
Project: Ambari
Issue Type: Task
Components: ambari-web
Affects Versions: 2.7.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.8.0
The Ambari kerberos wizard for Existing FreeIPA displays a warning about setting up a password policy without expiration for the kerberos principals.
[!image-2018-11-26-08-26-37-452.png?default=false|thumbnail!|https://hortonworks.jira.com/secure/attachment/167582/167582_image-2018-11-26-08-26-37-452.png]
As these (user and service) principals are not created with a password, the password expiration policy does not apply to them. I verified this by maintaining a cluster by maintaining a kerberized cluster for 120+ days, where the password for my ldapbind (and other accounts that do have passwords) expired in 90 days per default policy, without any impact to my kerberos principals or cluster operations.
Unless we've seen contradictory information, let's please remove this warning from the wizard to avoid confusing users on what is needed here.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)