5.3. Security

Apache Jira

HWX Jira


AMBARI-9862BUG-31694Keytab field is not shown correctly
AMBARI-10020BUG-32843Ambari Server sync-ldap not pulling in group membership
AMBARI-10094BUG-33203Kerberos: disable edit on generated ambari principal and keytab configs
AMBARI-10095BUG-33221HiveServer2 does not install/start when running w/o sudo
AMBARI-10162BUG-33416Host registration ssh with sudo user + 027 does not work on ubuntu
AMBARI-10176BUG-33208Storm service check failed after disabling security
AMBARI-10200BUG-31144Storm secure config not visible through Ambari storm config UI
AMBARI-10236BUG-33726Principal and Keytab configuration specifications are ignored when disabling Kerberos
AMBARI-10266BUG-33768Cannot enable kerberos with Ambari server running non-root
AMBARI-10305BUG-33872Kerberos: during disable, need option skip if unable to access KDC to remove principals
AMBARI-10400BUG-34054Handle no "sudo -E" environments
AMBARI-10402BUG-32940Ambari does not setup YARN NMs correctly with LinuxContainerExecutor in insecure mode
AMBARI-10415BUG-33501Sometimes Datanode start fails when using non-default umask
AMBARI-10416BUG-33867Allow Ranger usersync process to be run as ranger (non-root user)
AMBARI-10452BUG-31780Ambari unable to start services using non-default kinit_path_local
AMBARI-10461BUG-33568Spark History Server does not start with non-root agent
AMBARI-10507BUG-34801Local root user's group being assigned to hadoop
AMBARI-10513BUG-31217ambari-server sync-ldap fails if there are too many users in the LDAP server (more than 1000?)
AMBARI-10520BUG-34816Remove automatedKerberos experimental, on by default
AMBARI-10535BUG-33318"Regenerate Keytabs" should restart services when complete
AMBARI-10690BUG-35206HBase Ranger plugin fails to install with non-root agent
AMBARI-10692BUG-35311Hdfs Ranger plugin fails with non-root agent
AMBARI-10773BUG-35542Hive Ranger plugin fails to install with non-root agent
AMBARI-10787BUG-35622Knox,Storm Ranger plugins fail to install with non-root agent
AMBARI-11029BUG-32772Kerberos Wizard: Hide create_attributes_template when not configuring for Active Directory
AMBARI-11081BUG-35695Kerberos: option to skip "Install and Test Kerberos Client" step on error
AMBARI-11157BUG-33132Add host kerberos client install does not have command text
AMBARI-11179BUG-33200Kerberos: Oozie auth rules do not look correct
AMBARI-11360BUG-34057Kerberos FE: during disable, need option skip if unable to access KDC to remove principals
AMBARI-11362BUG-37678Kerberos: Creating principals in AD when special characters are involved causes failures
AMBARI-11372BUG-37792JMX Metric monitoring is broken on a cluster secured with HTTP SPNEGO (2.1)
AMBARI-11372BUG-37788NN and YARN HA, doesn't show active/standby status on UI, for cluster secured with HTTP SPNEGO (2.1)
AMBARI-11372BUG-37166Namenode HA monitoring broken on cluster secured with HTTP SPNEGO (2.1)
AMBARI-11394BUG-35160Nothing happens when clicking Next on the second page of Security Wizard
AMBARI-11396BUG-35699Kerberos: UI shows Kerberize Cluster step as failed with a retry button, but the backend keeps moving forward to Kerberize the cluster
AMBARI-11590BUG-37772Kerberos: provide option to set test account name
AMBARI-11646BUG-36755Need option to not override local uid
AMBARI-11647BUG-38452Non-root Agent: Kerberos Wizard - Check Kerberos fails during Test Kerberos Client
AMBARI-11687BUG-33935Kerberos: Force principal names to resolve to lowercase lower usernames in auth-to-local default rules
AMBARI-11694BUG-35361After enabling Kerberos via the REST API, the Ambari UI behaves as if the cluster is not Kerberized
AMBARI-11752BUG-37768Kerberos: adjust ambari headless principals for unique names
AMBARI-11754BUG-38753YARN local usercache is chown'd as user YARN when cluster is in secure mode
AMBARI-11780BUG-38901Ambari creation of oozie/conf/adminusers.txt breaks oozie role separation for Kerberos
AMBARI-11882BUG-39372Kerberos: Oozie auth rules do not look correct
AMBARI-11947BUG-39028ambari-agent 2.0.1 overwrites /etc/sudoers.d/ambari-agent if it is exists
AMBARI-11948BUG-38138If couple of users have the same UID as root (or Ambari user) ambari-agent fails to start
AMBARI-11960BUG-38393Starting ambari server non-root fails, umask 027, does not set JDK + JCE files to 644
AMBARI-12102BUG-33239Remove general purpose proxy endpoint and add checks for View proxy endpoints
AMBARI-12156BUG-40235Kerberos: prompts for HDFS ambari principals w/o hdfs in cluster
AMBARI-12180BUG-40426Enabling Kerberos on cluster with AMS and no HDFS fails
AMBARI-12276BUG-40656Oozie running with pig fail to renew JHS delegation token when RU because JHS recovery is not enabled