You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/09/25 12:32:04 UTC

[jira] [Created] (AMBARI-13240) Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos

Robert Levas created AMBARI-13240:
-------------------------------------

             Summary: Kerberos: Allow multiple KDC hosts to be set while enabling Kerberos
                 Key: AMBARI-13240
                 URL: https://issues.apache.org/jira/browse/AMBARI-13240
             Project: Ambari
          Issue Type: Bug
          Components: ambari-agent, ambari-server, ambari-web
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
            Priority: Minor
             Fix For: 2.2.0


Because multiple KDCs may exist for an installation (failover, high availability, etc...), Ambari should allow a user to specify multiple KDC hosts to be set while enabling Kerberos and updating the Kerberos service's configuration.

This should be done by allowing {{kerberos-env/kdc_host}} to accept a (comma-)delimited list of hosts and then parsing that list properly when building the krb5.conf file where each {{kdc_host}} item generates an entry in the relevant realm block.  For example:

{noformat:title=kerberos-env}
{
  ...
 "kdc_hosts" : "kdc1.example.com, kdc2.example.com"
  ...
}
{noformat}

{noformat:title=krb5.conf}
[realms]
  EXAMPLE.COM = {
    ...
    kdc = kdc1.example.com
    kdc = kdc2.example.com
    ...
  }
{noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)