You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2017/05/06 18:27:04 UTC
[jira] [Created] (AMBARI-20948) FreeIPA managed HTTP principals are
removed by Ambari forcefully
Eric Yang created AMBARI-20948:
----------------------------------
Summary: FreeIPA managed HTTP principals are removed by Ambari forcefully
Key: AMBARI-20948
URL: https://issues.apache.org/jira/browse/AMBARI-20948
Project: Ambari
Issue Type: Bug
Reporter: Eric Yang
When system administrator use FreeIPA to manage SSL certificates, FreeIPA also generates SPNEGO HTTP principals for each of the described subject alternate names. This can automatically help to renew SSL certificate and SPNEGO HTTP principals on expiration date. Ambari will try to forcefully remove any HTTP principals generated for Ambari agent nodes. This breaks FreeIPA managed SSL certificate and Kerberos HTTP principals. It would be nice to preserve and use FreeIPA generated SSL certificate and SPNEGO principals with automated-renewal process
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)