Sandor Molnar created AMBARI-24960:
--------------------------------------
Summary: Remove warning about requirement for IPA password policy
without expiration in Ambari kerberos wizard
Key: AMBARI-24960
URL: https://issues.apache.org/jira/browse/AMBARI-24960
Project: Ambari
Issue Type: Task
Components: ambari-web
Affects Versions: 2.7.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.8.0
The Ambari kerberos wizard for Existing FreeIPA displays a warning about
setting up a password policy without expiration for the kerberos principals.
[!image-2018-11-26-08-26-37-452.png?default=false|thumbnail!|https://hortonworks.jira.com/secure/attachment/167582/167582_image-2018-11-26-08-26-37-452.png]
As these (user and service) principals are not created with a password, the
password expiration policy does not apply to them. I verified this by
maintaining a cluster by maintaining a kerberized cluster for 120+ days, where
the password for my ldapbind (and other accounts that do have passwords)
expired in 90 days per default policy, without any impact to my kerberos
principals or cluster operations.
Unless we've seen contradictory information, let's please remove this warning
from the wizard to avoid confusing users on what is needed here.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
