You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Josh Elser (JIRA)" <ji...@apache.org> on 2016/05/02 06:40:12 UTC
[jira] [Updated] (AMBARI-16171) Changes to Phoenix QueryServer
Kerberos configuration
[ https://issues.apache.org/jira/browse/AMBARI-16171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Josh Elser updated AMBARI-16171:
--------------------------------
Attachment: AMBARI-16171.002.patch
Here's a v2 given the current "expectation" on how this would all work.
[~rlevas], I'm a bit at a loss now of how to bridge the gap from unit test to actual correctness. Are there are instructions somewhere that can walk me through an upgrade from an older version? I've never had the pleasure/need to go through an upgrade myself.
> Changes to Phoenix QueryServer Kerberos configuration
> -----------------------------------------------------
>
> Key: AMBARI-16171
> URL: https://issues.apache.org/jira/browse/AMBARI-16171
> Project: Ambari
> Issue Type: Improvement
> Reporter: Josh Elser
> Assignee: Josh Elser
> Attachments: AMBARI-16171.001.patch, AMBARI-16171.002.patch
>
>
> The up-coming version of Phoenix will contain some new functionality to support Kerberos authentication of clients via SPNEGO with the Phoenix Query Server (PQS).
> Presently, Ambari will configure PQS to use the hbase service keytab which will result in the SPNEGO authentication failing as the RFC requires that the "primary" component of the Kerberos principal for the server is "HTTP". Thus, we need to ensure that we switch PQS over to use the spnego.service.keytab as the keytab and "HTTP/_HOST@REALM" as the principal.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)