Robert Levas created AMBARI-21919:
-------------------------------------
Summary: Kerberos identity references should use the "reference"
attribute
Key: AMBARI-21919
URL: https://issues.apache.org/jira/browse/AMBARI-21919
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.4.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.6.0
Kerberos identity references should use the "reference" attribute rather than
rely on the "name" attribute to indicate the identity descriptor references
some other identity descriptor.
Either method should work on the backend, however the UI appears to not fully
handle the "named" reference properly.
The solution is to change
{code}
{
"name": "/HDFS/NAMENODE/namenode_nn",
"principal": {
"configuration":
"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal"
},
"keytab": {
"configuration":
"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab"
}
}
{code}
by changing the "name" attribute to "reference" and adding a new "name"
reference with a unique name relative to the scope of the identity descriptor.
For example:
{code}
{
"name":"ranger_hdfs_audit"
"reference": "/HDFS/NAMENODE/namenode_nn",
"principal": {
"configuration":
"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal"
},
"keytab": {
"configuration":
"ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab"
}
}
{code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
