You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/05/07 20:49:01 UTC
[jira] [Commented] (AMBARI-11001) Ambari uses users' interactive
ticket cache
[ https://issues.apache.org/jira/browse/AMBARI-11001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14533178#comment-14533178 ]
Hadoop QA commented on AMBARI-11001:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12731237/AMBARI-11001_01.patch
against trunk revision .
{color:red}-1 patch{color}. Top-level trunk compilation may be broken.
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/2652//console
This message is automatically generated.
> Ambari uses users' interactive ticket cache
> -------------------------------------------
>
> Key: AMBARI-11001
> URL: https://issues.apache.org/jira/browse/AMBARI-11001
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.1.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Labels: JAAS
> Fix For: 2.1.0
>
> Attachments: AMBARI-11001_01.patch
>
>
> It appears that it is necessary to kinit prior to starting ambari-server, even after ambari-server setup-security (#3). It seems that this should be automatically handled by Ambari.
> Ambari-server should NOT use the same ticket cache as the interactive user.
> STR:
> 1. kinit
> 2. ambari-server start
> 3. verify that ambari-server can authenticate with ticket specified in #1
> 4. kdestroy
> 5. try to authenticate through Ambari again (it will not work)
> *Solution*
> Ensure JAAS Login works properly such that the Kerberos tickets for the account that executes Ambari is not relevant.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)