-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33952/
-----------------------------------------------------------
Review request for Ambari, Erik Bergenholtz, Sid Wagle, and Tom Beerbower.
Bugs: AMBARI-11001
https://issues.apache.org/jira/browse/AMBARI-11001
Repository: ambari
Description
-------
It appears that it is necessary to kinit prior to starting ambari-server, even
after ambari-server setup-security (#3). It seems that this should be
automatically handled by Ambari.
Ambari-server should NOT use the same ticket cache as the interactive user.
STR:
1. kinit
2. ambari-server start
3. verify that ambari-server can authenticate with ticket specified in #1
4. kdestroy
5. try to authenticate through Ambari again (it will not work)
#Solution#
Ensure JAAS Login works properly such that the Kerberos tickets for the account
that executes Ambari is not relevant.
Diffs
-----
ambari-server/conf/unix/krb5JAASLogin.conf b667081
ambari-server/conf/windows/krb5JAASLogin.conf 2db9959
Diff: https://reviews.apache.org/r/33952/diff/
Testing
-------
Manually tested using the Ambari File View to ensure Kerberos authentication
was perfromed via JAAS internal to Ambari and not relying on interactive user
ticket cache
Thanks,
Robert Levas
