You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2017/05/06 18:27:04 UTC

[jira] [Created] (AMBARI-20948) FreeIPA managed HTTP principals are removed by Ambari forcefully

Eric Yang created AMBARI-20948:
----------------------------------

             Summary: FreeIPA managed HTTP principals are removed by Ambari forcefully
                 Key: AMBARI-20948
                 URL: https://issues.apache.org/jira/browse/AMBARI-20948
             Project: Ambari
          Issue Type: Bug
            Reporter: Eric Yang


When system administrator use FreeIPA to manage SSL certificates, FreeIPA also generates SPNEGO HTTP principals for each of the described subject alternate names.  This can automatically help to renew SSL certificate and SPNEGO HTTP principals on expiration date.  Ambari will try to forcefully remove any HTTP principals generated for Ambari agent nodes.  This breaks FreeIPA managed SSL certificate and Kerberos HTTP principals.  It would be nice to preserve and use FreeIPA generated SSL certificate and SPNEGO principals with automated-renewal process



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)