[DOCS-3037] MMS: add minimum KDC ticket validity to kerberos section Created: 31/Mar/14  Updated: 16/Mar/15  Resolved: 09/Apr/14

Status: Closed
Project: Documentation
Component/s: Cloud Manager
Affects Version/s: None
Fix Version/s: v1.3.3, mms-1.4

Type: Task Priority: Critical - P2
Reporter: John Morales Assignee: Tim Slavin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 9 years, 45 weeks, 1 day ago

 Description   

The new monitoring agent's implementation has a new constraint that the customer's KDC must grant tickets that are valid for at least 4 hours. The
monitoring agent takes care of periodically renewing the ticket.



 Comments   
Comment by Cailin Nelson [ 08/Apr/14 ]

Please make sure this change is applied to both master and the OnPrem1.4 branch.

Comment by John Morales [ 04/Apr/14 ]

Ah, right it has changed:

  • For the go monitoring agent, the settings file is at /etc/mongodb-mms/monitoring-agent.config
  • The setting keys are the same, however: krb5Principal, krb5Keytab
  • All the python dependencies including pymongo and "build-essential" are gone for go monitoring agent.
  • There's an additional step where users will need to edit the Hosts in MMS to indicate which ones should use Kerberos (GSSAPI) as their auth mechanism. E.g., http://cl.ly/image/3p2X1m2F0R1v
Generated at Thu Feb 08 07:44:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.