Upgrading Kerberos krb5.conf
Ambari has added support for handling more than one KDC host and kadmin host. This required modifications for the krb5.conf template. In order for Ambari to properly construct the krb5.conf configuration file, make the following configuration change if your cluster meets all of these criteria:
Kerberos is enabled and Ambari is configured for automated setup, and
Ambari is managing the krb5.conf, and
You have modified the krb5.conf template content from the default content. If you have not modified the default content, Ambari will automatically update the template content as part of upgrade and these configuration updates do not need to be applied manually.
If you meet all of the above criteria, you must update the krb5.conf template content found in Services > Kerberos > Advanced:
Original Template Entry |
Updated Template Entry |
---|---|
admin_server = {{admin_server_host|default(kdc_host, True)}} |
admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}} |
kdc = {{kdc_host}} |
{{realm}} = { {% for kdc_host in kdc_host_list %} kdc = {{kdc_host|trim()}} {%- endfor -%} |