[
https://issues.apache.org/jira/browse/AMBARI-20586?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15943630#comment-15943630
]
Robert Levas commented on AMBARI-20586:
---------------------------------------
[~bsari]
{quote}
Add (optional) master_kdcs to kerberos-env and generated krb5.conf file. If
kerberos-env/master_kdcs is not empty, it should contain a list of IP addresses
or FQDNs for one or more KDCs. Multiple entries should be comma-delimited.
{quote}
I cannot find any examples where multiple master KDCs are allowed... so maybe
this should only support a single master KDC for now; and, if needed, the
feature can be expanded to allow for multiple master KDCs.
> Add (optional) master_kdcs to kerberos-env and generated krb5.conf file
> -----------------------------------------------------------------------
>
> Key: AMBARI-20586
> URL: https://issues.apache.org/jira/browse/AMBARI-20586
> Project: Ambari
> Issue Type: Bug
> Reporter: Balázs Bence Sári
> Assignee: Balázs Bence Sári
> Fix For: 3.0.0, 2.5.1
>
> Attachments: AMBARI-20586-Master-kdc_trunk_v2.patch
>
>
> Add (optional) {{master_kdcs}} to {{kerberos-env}} and generated krb5.conf
> file. If {{kerberos-env/master_kdcs}} is not empty, it should contain a list
> of IP addresses or FQDNs for one or more KDCs. Multiple entries should be
> comma-delimited.
> According to
> https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html:
> {quote}
> master_kdc
> Identifies the master KDC(s). Currently, this tag is used in only one case:
> If an attempt to get credentials fails because of an invalid password, the
> client software will attempt to contact the master KDC, in case the user’s
> password has just been changed, and the updated database has not been
> propagated to the slave servers yet.
> {quote}
> This should help with scenarios where multiple KDCs are in a master/slave (or
> replicated) configuration.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
