[
https://issues.apache.org/jira/browse/AMBARI-10709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14520565#comment-14520565
]
Laser commented on AMBARI-10709:
--------------------------------
Hi Robert .
Thank you for your interest in this JIRA.
I was looking at the JIRA suggested by you - AMBARI-9783, it seems that both
JIRA's are complementing one another .
I believe that this is the case since AMBARI-9783 is requesting an option to
enable kerberos manually, and this JIRA (AMBARI-10709) will actually create the
scripts based on the users topology in order to be run manually (after
reviewing the content is correct).
So basically they are "best of friends" .
> Kerberos automation via generated scripts
> -----------------------------------------
>
> Key: AMBARI-10709
> URL: https://issues.apache.org/jira/browse/AMBARI-10709
> Project: Ambari
> Issue Type: New Feature
> Components: security
> Reporter: Laser
>
> Currently Amabari project does not provide a way for very security conscious
> clients to get editable scripts to be run on their system .
> In a real world scenario with enterprise level customers, there will be no
> way that these customers will let the Ambari wizard run anything on the
> organization LDAP server .
> What we suggest to contribute is a framework which is based on "IBM''s
> kerberos automation toolkit for hadoop ", more details can be found here :
> https://developer.ibm.com/hadoop/blog/2014/12/11/ibms-kerberos-automation-toolkit-hadoop/
> This toolkit supports building scripts and other resources for both
> "openLDAP" and "Active Directory" in order to ease up the configuration of
> kerberos on hadoop enviornments for security concious clients . these scripts
> and artifacts are created based on the clients topology . and have been
> tested at various client sites.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
