Hi, after Kerberizing the cluster via the Ambari UI, I noticed that an
"attribute template" is shown under Advanced kerberos-env:
{
"objectClass": ["top", "person", "organizationalPerson", "user"],
"cn": "$principal_name",
#if( $is_service )
"servicePrincipalName": "$principal_name",
#end
"userPrincipalName": "$normalized_principal",
"unicodePwd": "$password",
"accountExpires": "0",
"userAccountControl": "66048"
}
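This attribute template, however, is not present when Kerberization is done via
the REST API. Below is the JSON file I use with the REST API. (The template's
attributes, such as unicodePwd and userAccountControl, are Active Directory
attribute names, whereas the configuration below sets kdc_type to mit-kdc.) How
significant is this "attribute template"? Will its absence cause any problems?
If so, how do I incorporate it into the JSON file?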
[
{
"Clusters": {
"desired_config": {
"type": "krb5-conf",
"tag": "version1",
"properties": {
"domains":"",
"manage_krb5_conf": "true",
"conf_dir":"/etc",
"content" : "[libdefaults]\n renew_lifetime = 7d\nmax_renewable_life
= 7d\n forwardable= true\n default_realm = {{realm|upper()}}\n
ticket_lifetime = 24h\n dns_lookup_realm = false\n dns_lookup_kdc = false\n
#default_tgs_enctypes = {{encryption_types}}\n #default_tkt_enctypes
={{encryption_types}}\n\n{% if domains %}\n[domain_realm]\n{% for domain in
domains.split(',') %}\n {{domain}} = {{realm|upper()}}\n{% endfor %}\n{%endif
%}\n\n[logging]\n default = FILE:/var/log/krb5kdc.log\nadmin_server =
FILE:/var/log/kadmind.log\n kdc = FILE:/var/log/krb5kdc.log\n\n[realms]\n
{{realm}} = {\n admin_server = {{admin_server_host|default(kdc_host,
True)}}\n kdc = {{kdc_host}}\n }\n\n{# Append additional realm declarations
below #}\n"
}
}
}
},
{
"Clusters": {
"desired_config": {
"type": "kerberos-env",
"tag": "version1",
"properties": {
"kdc_type": "mit-kdc",
"manage_identities": "true",
"install_packages": "true",
"encryption_types": "aes des3-cbc-sha1 rc4 des-cbc-md5",
"realm" : "EXAMPLE.COM",
"kdc_host" : "<%= @master['fqdn']%>",
"admin_server_host" : "<%= @master['fqdn']%>",
"executable_search_paths" : "/usr/bin, /usr/kerberos/bin, /usr/sbin,
/usr/lib/mit/bin, /usr/lib/mit/sbin",
"password_length": "20",
"password_min_lowercase_letters": "1",
"password_min_uppercase_letters": "1",
"password_min_digits": "1",
"password_min_punctuation": "1",
"password_min_whitespace": "0",
"service_check_principal_name" : "${cluster_name}-${short_date}",
"case_insensitive_username_rules" : "false"
}
}
}
}
]
Thanks, fay