You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/01/16 11:59:34 UTC

[jira] [Created] (AMBARI-9170) Principal creation for Active Directory accounts should be configurable

Robert Levas created AMBARI-9170:
------------------------------------

             Summary: Principal creation for Active Directory accounts should be configurable
                 Key: AMBARI-9170
                 URL: https://issues.apache.org/jira/browse/AMBARI-9170
             Project: Ambari
          Issue Type: Improvement
          Components: ambari-server
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.0.0


The properties used to create accounts in an Active Directory, related to principal creation, should be configurable such that a user may specify the required fields and their values (with variable replacement).

This may be done using a simple structure like XML or JSON, however a template facility (like Jinja2) may be more useful since conditional paths may be built in.  The template should be stored in the {{kerberos-env}} configuration.

An example of a need for a conditional path in a template is related to _service_ accounts vs _user_ accounts.  A _service_ account (such as nn/\_HOST@REALM) should have the {{servicePrincipalName}} field set to the service's principal, where this value shouldn't be set for a _user_ account (such as hdfs@REALM).




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)