You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/05/07 20:30:59 UTC

[jira] [Updated] (AMBARI-11001) Ambari uses users' interactive ticket cache

     [ https://issues.apache.org/jira/browse/AMBARI-11001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-11001:
----------------------------------
    Attachment: AMBARI-11001_01.patch

Fixed JAAS login configuration files for Linux and Windows

Patch File [^AMBARI-11001_01.patch]

> Ambari uses users' interactive ticket cache
> -------------------------------------------
>
>                 Key: AMBARI-11001
>                 URL: https://issues.apache.org/jira/browse/AMBARI-11001
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: JAAS
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-11001_01.patch
>
>
> It appears that it is necessary to kinit prior to starting ambari-server, even after ambari-server setup-security (#3). It seems that this should be automatically handled by Ambari. 
> Ambari-server should NOT use the same ticket cache as the interactive user. 
> STR:
> 1. kinit
> 2. ambari-server start
> 3. verify that ambari-server can authenticate with ticket specified in #1
> 4. kdestroy
> 5. try to authenticate through Ambari again (it will not work)
> #Solution#
> Ensure JAAS Login works properly such that the Kerberos tickets for the account that executes Ambari is not relevant.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)