You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/04/15 01:20:59 UTC

[jira] [Commented] (AMBARI-10479) Add the ability to enable Kerberos and not manage identities

    [ https://issues.apache.org/jira/browse/AMBARI-10479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14495119#comment-14495119 ] 

Hadoop QA commented on AMBARI-10479:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12725383/AMBARI-10479_01.patch
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified test files.

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of javac compiler warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number of release audit warnings.

    {color:red}-1 core tests{color}.  The test build failed in ambari-server 

Test results: https://builds.apache.org/job/Ambari-trunk-test-patch/2341//testReport/
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/2341//console

This message is automatically generated.

> Add the ability to enable Kerberos and not manage identities
> ------------------------------------------------------------
>
>                 Key: AMBARI-10479
>                 URL: https://issues.apache.org/jira/browse/AMBARI-10479
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos
>             Fix For: 2.1.0
>
>         Attachments: AMBARI-10479_01.patch
>
>
> Add the ability to enable Kerberos and not manage identities.  This should be done by allowing a user to specify whether all relevant Kerberos identities _should_ or _should not_ be managed by Ambari.  
> A *kerberos-env* property named *manage_identities* is to be added where its value may be either _true_ or _false_.  By default the value is _true_ (or rather _not false_).  
> If _not false_, Ambari will access the registered KDC to create, update, and delete Kerberos identities as needed.  Ambari will also create, distribute, and delete keytab files as needed. Because of this, the KDC administrator credentials are required. This is the current behavior of Ambari 2.0.0.
> If _false_, Ambari will *not* access the registered KDC to create, update, or delete Kerberos identities.  It will also *not* create, distribute, or delete keytab files. Not KDC administrator credentials will be needed.
> Note: a lot of this work has been done for AMBARI-10305.  A current known problem with the solution for AMBARI-10305 is that the Kerberos service check fails when kerberos-env/manage_identities is false due to missing data since the special smoke user was not created.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)