You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2017/09/20 17:27:00 UTC

[jira] [Updated] (AMBARI-21919) Kerberos identity references should use the "reference" attribute

     [ https://issues.apache.org/jira/browse/AMBARI-21919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Levas updated AMBARI-21919:
----------------------------------
    Status: Patch Available  (was: In Progress)

> Kerberos identity references should use the "reference" attribute
> -----------------------------------------------------------------
>
>                 Key: AMBARI-21919
>                 URL: https://issues.apache.org/jira/browse/AMBARI-21919
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.4.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos_descriptor
>             Fix For: 2.6.0
>
>         Attachments: AMBARI-21919_branch-2.6_01.patch, AMBARI-21919_trunk_01.patch
>
>
> Kerberos identity references should use the "reference" attribute rather than rely on the "name" attribute to indicate the identity descriptor references some other identity descriptor.  
> Either method should work on the backend, however the UI appears to not fully handle the "named" reference properly. 
> The solution is to change 
> {code}
>             {
>               "name": "/HDFS/NAMENODE/namenode_nn",
>               "principal": {
>                 "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal"
>               },
>               "keytab": {
>                 "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab"
>               }
>             }
> {code}
> by changing the "name" attribute to "reference" and adding a new "name" reference with a unique name relative to the scope of the identity descriptor. For example:
> {code}
>             {
>               "name":"ranger_hdfs_audit"
>               "reference": "/HDFS/NAMENODE/namenode_nn",
>               "principal": {
>                 "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal"
>               },
>               "keytab": {
>                 "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab"
>               }
>             }
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)