[Freeipa-users] kadmin.local to manage FreeIPA Kerberos
Shaik M
munna.hadoop at gmail.com
Thu Apr 23 06:32:16 UTC 2015
Hi Alex,
Thank you for your prompt reply.
Amabri community going to release new version 2.1, where they are providing
user specific Kerberos like 1.7.
For now i'll go ahead with MIT Kerberos.
Regards,
Shaik
On 23 April 2015 at 13:51, Alexander Bokovoy <abokovoy at redhat.com> wrote:
> On Thu, 23 Apr 2015, Shaik M wrote:
>
>> Hi,
>>
>> We have recently deployed FreeIPA for our Hadoop environment.
>>
>> Recently, Ambari community released 2.0, where this version supports MIT
>> kerberos. Which means Ambri create the all service principals using with
>> "kadmin.local".
>>
>> As I know, "kadmin.local" wont work for FreeIPA kerberos to create the
>> principals. :(
>>
>> Please let me know, is there any alternative ways to create the principals
>> using with "kadmin.local",.
>>
>> It will great helpful for us if can do with "kadmin.local", or-else we
>> have
>> to move back to MIT Kerberos.
>>
> No, at this time it is not possible to use. I've looked at the Ambari
> code and it shouldn't be hard to implement FreeIPA-specific
> KerberosOperationHandler that does proper thing by calling out IPA
> tools.
>
> Part of problem with MITKerberosOperationHandler.java is that you have
> no way to pass any arguments and options to kadmin/kadmin.local at all,
> so even to make it working will go with patching that code. At this
> point it is easier to rewrite it to use 'ipa' and ipa-getkeytab
> utilities altogether because the code is trivial.
>
>
> https://github.com/apache/ambari/blob/ed231beaddaf6347d4defb2fb26d75849c0cafc9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150423/64cfad1e/attachment.htm>
More information about the Freeipa-users
mailing list