----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/33952/#review82909 -----------------------------------------------------------
Ship it! Ship It! - Tom Beerbower On May 7, 2015, 6:48 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/33952/ > ----------------------------------------------------------- > > (Updated May 7, 2015, 6:48 p.m.) > > > Review request for Ambari, Erik Bergenholtz, Sid Wagle, and Tom Beerbower. > > > Bugs: AMBARI-11001 > https://issues.apache.org/jira/browse/AMBARI-11001 > > > Repository: ambari > > > Description > ------- > > It appears that it is necessary to kinit prior to starting ambari-server, > even after ambari-server setup-security (#3). It seems that this should be > automatically handled by Ambari. > > Ambari-server should NOT use the same ticket cache as the interactive user. > > STR: > 1. kinit > 2. ambari-server start > 3. verify that ambari-server can authenticate with ticket specified in #1 > 4. kdestroy > 5. try to authenticate through Ambari again (it will not work) > > #Solution# > Ensure JAAS Login works properly such that the Kerberos tickets for the > account that executes Ambari is not relevant. > > > Diffs > ----- > > ambari-server/conf/unix/krb5JAASLogin.conf b667081 > ambari-server/conf/windows/krb5JAASLogin.conf 2db9959 > > Diff: https://reviews.apache.org/r/33952/diff/ > > > Testing > ------- > > Manually tested using the Ambari File View to ensure Kerberos authentication > was perfromed via JAAS internal to Ambari and not relying on interactive user > ticket cache > > > Thanks, > > Robert Levas > >
