You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Vijay Srinivasaraghavan (JIRA)" <ji...@apache.org> on 2015/10/08 07:46:26 UTC

[jira] [Resolved] (AMBARI-13312) Enable Kerberos is not working

     [ https://issues.apache.org/jira/browse/AMBARI-13312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vijay Srinivasaraghavan resolved AMBARI-13312.
----------------------------------------------
    Resolution: Won't Fix


>>Ambari server krb5.conf is not getting updated with the values supplied in UI
Expectation is ambari server should be deployed on the same same machine along side with ambari agent. If ambari server is deployed on a separate host then krb5.conf will have to be updated manually.

>>Service keytab (kerberos.service_check.100515.keytab) seems to be having some issues.
Issue is related to AES encryption type. If we don't install JCE policy, then the krb5.conf from both KDC server and all the clients should not include AES as default supported encryption key.



> Enable Kerberos is not working
> ------------------------------
>
>                 Key: AMBARI-13312
>                 URL: https://issues.apache.org/jira/browse/AMBARI-13312
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: trunk
>         Environment: SLES 11 SP3
>            Reporter: Vijay Srinivasaraghavan
>
> I have installed MIT KDC server on host1. Hadoop cluster and Ambari Server running in host 2 (in two separate containers). I have created a hadoop cluster with ZK, YARN/MR2 and HDFS services. When I try to enable security by using existing KDC, I see below 2 issues.
> 1) Ambari server krb5.conf is not getting updated with the values supplied in UI
> 2) Service keytab (kerberos.service_check.100515.keytab) seems to be having some issues.
> {code}
> lglop193:/ # klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> lglop193:/ # cd /etc/security/keytabs/
> lglop193:/etc/security/keytabs # ls
> kerberos.service_check.100515.keytab
> lglop193:/etc/security/keytabs # /usr/bin/kinit -c /var/lib/ambari-agent/tmp/kerberos_service_check_cc_8b60256b73fc5454fc5737d0a1ce9887 -kt /etc/security/keytabs/kerberos.service_check.100515.keytab C-100515@HADOOP.COM
> kinit(v5): Key table entry not found while getting initial credentials
> lglop193:/etc/security/keytabs # kinit C-100515 -k -t kerberos.service_check.100515.keytab
> kinit(v5): Key table entry not found while getting initial credentials
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)