AMBARI-21146. Knox JAAS configuration file should not allow the Kerberos ticket cache to be used when establishing its identity on startup (Attila Magyar via adoroszlai)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e71f49e4 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e71f49e4 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e71f49e4 Branch: refs/heads/branch-feature-AMBARI-20859 Commit: e71f49e4ef30ff720ad4f8b7fb3823d68acd48cc Parents: 9b44b62 Author: Attila Magyar <amag...@hortonworks.com> Authored: Thu Jun 8 11:23:29 2017 +0200 Committer: Attila Doroszlai <adorosz...@hortonworks.com> Committed: Thu Jun 8 11:23:29 2017 +0200 ---------------------------------------------------------------------- .../KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2 | 9 +++------ .../KNOX/0.5.0.3.0/package/templates/krb5JAASLogin.conf.j2 | 9 +++------ 2 files changed, 6 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/e71f49e4/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2 b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2 index fa3237b..29b2179 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2 +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2 @@ -17,14 +17,11 @@ #} com.sun.security.jgss.initiate { com.sun.security.auth.module.Krb5LoginModule required -renewTGT=true +renewTGT=false doNotPrompt=true useKeyTab=true keyTab="{{knox_keytab_path}}" principal="{{knox_principal_name}}" -isInitiator=true storeKey=true -useTicketCache=true -client=true; -}; - +useTicketCache=false; +}; \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e71f49e4/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/package/templates/krb5JAASLogin.conf.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/package/templates/krb5JAASLogin.conf.j2 b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/package/templates/krb5JAASLogin.conf.j2 index fa3237b..29b2179 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/package/templates/krb5JAASLogin.conf.j2 +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/package/templates/krb5JAASLogin.conf.j2 @@ -17,14 +17,11 @@ #} com.sun.security.jgss.initiate { com.sun.security.auth.module.Krb5LoginModule required -renewTGT=true +renewTGT=false doNotPrompt=true useKeyTab=true keyTab="{{knox_keytab_path}}" principal="{{knox_principal_name}}" -isInitiator=true storeKey=true -useTicketCache=true -client=true; -}; - +useTicketCache=false; +}; \ No newline at end of file