ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-9852) Kerberos: Kerberos Service Check needs to generate and destroy it's own unique identity for testing
Date Tue, 03 Mar 2015 16:37:05 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-9852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14345297#comment-14345297
] 

Hudson commented on AMBARI-9852:
--------------------------------

FAILURE: Integrated in Ambari-trunk-Commit #1933 (See [https://builds.apache.org/job/Ambari-trunk-Commit/1933/])
AMBARI-9852. Kerberos: Kerberos Service Check needs to generate and destroy it's own unique
identity for testing (rlevas) (rlevas: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=954b96e1edf8fc313ce06d57928b3e26e714770a)
* ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
* ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
* ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/service_check.py
* ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
* ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java


> Kerberos: Kerberos Service Check needs to generate and destroy it's own unique identity
for testing
> ---------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-9852
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9852
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: kerberos
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9852_01.patch
>
>
> The Kerberos _service check_ needs to generate it's own unique identity to use for testing
and then destroy it when complete.  This will ensure that any _known_ identities (such as
the smokeuser, usually ambari-qa) does not accidentally get removed if shared between clusters
or if the service check is run after Kerberos is enabled. 
> The service check must perform the following steps:
> # Create a unique principal in the relevant KDC (server)
> # Test that the principal can be used to authenticate via kinit (agent)
> # Destroy the principal (server)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message