Robert Levas created AMBARI-10305:
-------------------------------------
Summary: Kerberos: during disable, need option skip if unable to
access KDC to remove principals
Key: AMBARI-10305
URL: https://issues.apache.org/jira/browse/AMBARI-10305
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.0.0
Reporter: Robert Levas
Assignee: Robert Levas
Priority: Critical
Fix For: 2.1.0
Attempted to disable kerb, fails on step to unkerberize because KDC admin is
locked out.
Click retry, can't make it past that.
Need option to skip and finish "disable kerberos" even if Ambari cannot get the
principals cleaned up (i.e. cannot access the KDC) Losing access to the KDC and
attempting to disable where ambari can't clean-up the principals should be a
skip'able step. User should still be able to get to a clean,
not-enabled-kerberos-ambari-state w/o accessing the KDC.
*Solution*
Add a flag to the kerberos-env configuration to specify whether Kerberos
identities should be managed by Ambari (true, default) or not (false). This
flag is to be overridable via a _directive_ like {{manage_identities=false}}
when disabling Kerberos, which will skip over any KDC administrative processes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
