using a non-MIT kerberos server, and manage keytabs and kerberos accounts themselves, not through ambari. how can they change the passwords for both ranger admin and keyadmin. The docs are unclear on what this entails: can we just change them in our IPA, and that's it? Are there any config changes or updates necessary in Ambari when we do that? Would anything about the process impact uptime on our cluster? ... View more

Currently default JDK is jdk1.8.0_40 which seems to have issues with Kerberos. Currently at HDP 2.3.2, and Ambari 2.1.2. Customer is planning on setting this up with jdk1.8.0_60 and needs conformation that these below changes are enough for jdk1.8.0_60 to be accepted as new default in file serverSetup.py: JDKRelease("jdk1.8", "Oracle JDK 1.8 + Java Cryptography Extension (JCE) Policy Files 8", "http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-8u40-linux-x64.tar.gz", "jdk-8u40-linux-x64.tar.gz", "http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-8.zip", "jce_policy-8.zip", "/usr/jdk64/jdk1.8.0_40", "(jdk.*)/jre") He will change names from jdk1.8.0_40 to jdk1.8.0_60 and use my own repository to host the file. Not touching jce-policy. Could you please confirm if these changes are enough? ... View more