You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2018/02/09 00:57:00 UTC

[jira] [Created] (AMBARI-22949) Kerberos identities are not removed for components that exist in multiple hosts

Robert Levas created AMBARI-22949:
-------------------------------------

             Summary: Kerberos identities are not removed for components that exist in multiple hosts
                 Key: AMBARI-22949
                 URL: https://issues.apache.org/jira/browse/AMBARI-22949
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 3.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 3.0.0


Kerberos identities are not removed for components that exist on multiple hosts.  

For example, if {{SERVICEA/COMPONENT1}} is installed on {{HOST1}} and {{HOST2}} and its relevant principal is named {{component1/\_HOST@REALM}}, then the host-specific principal and keytab file will not be removed if {{SERVICEA/COMPONENT1}} is removed from {{HOST1}} *_or_* {{HOST2}}. It will be removed if {{SERVICEA/COMPONENT1}} is removed from {{HOST1}} *_and_* {{HOST2}}.

This is due to the incorrect principal name comparison when determine whether a Kerberos identity is to be removed or not.  See {{org.apache.ambari.server.controller.utilities.UsedIdentities#contains}}.




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)