You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "David Tucker (JIRA)" <ji...@apache.org> on 2015/11/20 20:47:10 UTC

[jira] [Commented] (AMBARI-14001) Encryption Types ineffective by default.

    [ https://issues.apache.org/jira/browse/AMBARI-14001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15018643#comment-15018643 ] 

David Tucker commented on AMBARI-14001:
---------------------------------------

Relevant section of the conf file (see bottom):
```
[libdefaults]
  renew_lifetime = 7d
  forwardable = true
  default_realm = {{realm}}
  ticket_lifetime = 24h
  dns_lookup_realm = false
  dns_lookup_kdc = false
  #default_tgs_enctypes = {{encryption_types}}
  #default_tkt_enctypes = {{encryption_types}}
```

> Encryption Types ineffective by default.
> ----------------------------------------
>
>                 Key: AMBARI-14001
>                 URL: https://issues.apache.org/jira/browse/AMBARI-14001
>             Project: Ambari
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.1.0
>         Environment: HDP 2.3, 1 master, 5 slaves
>            Reporter: David Tucker
>
> While enabling Kerberos (in the Configure Kerberos tab, on the Advanced kerberos-env menu), Encryption Types may be specified. Unfortunately, this setting has no effect unless the corresponding values (default_tgs_enctypes and default_tkt_enctypes) are uncommented from the krb5.conf file. If you forget this step, you cannot edit the conf file directly because Ambari will overwrite your changes. Kerberos must be disabled in Ambari and re-enabled with the appropriate key-value pairs uncommented.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)