You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2018/11/27 15:57:00 UTC

[jira] [Created] (AMBARI-24960) Remove warning about requirement for IPA password policy without expiration in Ambari kerberos wizard

Sandor Molnar created AMBARI-24960:
--------------------------------------

             Summary: Remove warning about requirement for IPA password policy without expiration in Ambari kerberos wizard
                 Key: AMBARI-24960
                 URL: https://issues.apache.org/jira/browse/AMBARI-24960
             Project: Ambari
          Issue Type: Task
          Components: ambari-web
    Affects Versions: 2.7.0
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 2.8.0


The Ambari kerberos wizard for Existing FreeIPA displays a warning about setting up a password policy without expiration for the kerberos principals.
[!image-2018-11-26-08-26-37-452.png?default=false|thumbnail!|https://hortonworks.jira.com/secure/attachment/167582/167582_image-2018-11-26-08-26-37-452.png]

As these (user and service) principals are not created with a password, the password expiration policy does not apply to them. I verified this by maintaining a cluster by maintaining a kerberized cluster for 120+ days, where the password for my ldapbind (and other accounts that do have passwords) expired in 90 days per default policy, without any impact to my kerberos principals or cluster operations.

Unless we've seen contradictory information, let's please remove this warning from the wizard to avoid confusing users on what is needed here.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)