You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/10/04 20:53:00 UTC
[jira] [Created] (AMBARI-22138) When regenerating keytab files for
a service, non-service-specific principals are affected
Robert Levas created AMBARI-22138:
-------------------------------------
Summary: When regenerating keytab files for a service, non-service-specific principals are affected
Key: AMBARI-22138
URL: https://issues.apache.org/jira/browse/AMBARI-22138
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.6.0
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 3.0.0
When regenerating keytab files for a service, non-service-specific principals are affected. For example, when regenerating the keytab files for HDFS using the following ReST API call:
{code:title=PUT /api/v1/clusters/c1?regenerate_keytabs=all®enerate_components=HDFS}
{
"Clusters": {
"security_type": "KERBEROS"
}
}
{code}
The following principals are affected:
* HTTP/c6402.ambari.apache.org@EXAMPLE.COM
* ambari-qa-c1@EXAMPLE.COM
* nn/c6402.ambari.apache.org@EXAMPLE.COM
* hdfs-c1@EXAMPLE.COM
* HTTP/c6403.ambari.apache.org@EXAMPLE.COM
* dn/c6403.ambari.apache.org@EXAMPLE.COM
* HTTP/c6401.ambari.apache.org@EXAMPLE.COM
* nn/c6401.ambari.apache.org@EXAMPLE.COM
* ambari-server-c1@EXAMPLE.COM
However only the following principals *should be* affected:
* nn/c6402.ambari.apache.org@EXAMPLE.COM
* hdfs-c1@EXAMPLE.COM
* dn/c6403.ambari.apache.org@EXAMPLE.COM
* nn/c6401.ambari.apache.org@EXAMPLE.COM
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)