You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2016/10/21 20:52:58 UTC

[jira] [Commented] (AMBARI-18365) Add Ambari configuration options to support Kerberos token authentication

    [ https://issues.apache.org/jira/browse/AMBARI-18365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15596333#comment-15596333 ] 

Hudson commented on AMBARI-18365:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-trunk-Commit #5848 (See [https://builds.apache.org/job/Ambari-trunk-Commit/5848/])
AMBARI-18365. Authorizations given to roles, should use generic (rlevas: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=176c691eaed6dbf639617f6208f7fb117597c1ce])
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
* (edit) ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ViewPrivilegeEventCreator.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java
* (edit) ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
* (edit) ambari-admin/src/main/resources/ui/admin-web/test/unit/services/PermissionSaver_test.js
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProvider.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProvider.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java
* (edit) ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java
* (edit) ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
* (edit) ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalTypeDAO.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
* (add) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/ViewPrivilegeChangeRequestAuditEvent.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java
* (edit) ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java
* (edit) ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/ambariViews/ViewsEditCtrl.js
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
* (edit) ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js
* (edit) ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/PermissionsSaver.js
* (edit) ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
* (edit) ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java
* (edit) ambari-admin/src/main/resources/ui/admin-web/app/views/ambariViews/edit.html
* (edit) ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
* (edit) ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java
* (edit) ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/View.js
* (edit) ambari-server/src/main/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProvider.java
* (delete) ambari-server/src/main/java/org/apache/ambari/server/security/authorization/ClusterInheritedPermissionHelper.java
* (edit) ambari-admin/src/main/resources/ui/admin-web/app/scripts/services/PermissionLoader.js
* (edit) ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/ClusterPrivilegeChangeRequestAuditEvent.java
* (edit) ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java


> Add Ambari configuration options to support Kerberos token authentication
> -------------------------------------------------------------------------
>
>                 Key: AMBARI-18365
>                 URL: https://issues.apache.org/jira/browse/AMBARI-18365
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.5.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: authentication, kerberos, security
>             Fix For: 2.5.0
>
>         Attachments: AMBARI-18365_branch-2.5_01.patch, AMBARI-18365_branch-2.5_02.patch, AMBARI-18365_trunk_01.patch, AMBARI-18365_trunk_02.patch
>
>
> Add the followng Ambari configuration options to support Kerberos token authentication
> * {{authentication.kerberos.enabled}}
> ** Determines whether to use Kerberos (SPNEGO) authentication when connecting Ambari:  {{true}} to enable this feature; {{false}}, otherwise
> * {{authentication.kerberos.spnego.principal}}
> ** The Kerberos principal name to use when verifying user-supplied Kerberos tokens for authentication via SPNEGO
> * {{authentication.kerberos.spnego.keytab.file}}
> ** The Kerberos keytab file to use when verifying user-supplied Kerberos tokens for authentication via SPNEGO
> * {{authentication.kerberos.user.types}}
> ** A comma-delimited (ordered) list of preferred user types to use when finding the Ambari user account for the user-supplied Kerberos identity during authentication via SPNEGO
> * {{authentication.kerberos.auth_to_local.rules}}
> ** The auth-to-local rules set to use when translating a user's principal name to a local user name during authentication via SPNEGO.
> NOTE: These properties are in the {{ambari.properties}} file since this feature may be enabled whether the rest of the cluster has Kerberos enabled or not. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)