Hortonworks Docs
»
Hortonworks Cybersecurity Platform 1.7.1
»
Enabling Kerberos
Enabling Kerberos
Also available as:
Enable Kerberos
Checklist: Installing and Configuring the KDC
Optional: Install a new MIT KDC
Optional: Use an Existing IPA
Install the JCE for Kerberos
Launch the Kerberos Wizard (Automated Setup)
Enable Kerberos
You can use Ambari to enable Kerberos for your Hortonworks Cybersecurity Platform (HCP) environment.
Checklist: Installing and Configuring the KDC
Ambari is able to configure Kerberos in the cluster to work with an existing MIT KDC, or existing Active Directory installation. This section describes the steps necessary to prepare for this integration.
Optional: Install a new MIT KDC
The following gives a very high level description of the KDC installation process.
Optional: Use an Existing IPA
You can use an existing FreeIPA setup with Kerberos.
Install the JCE for Kerberos
Before enabling Kerberos in the cluster, you must deploy the Java Cryptography Extension (JCE) security policy files on the Ambari Server and on all hosts in the cluster, including the Ambari Server. If you are using OpenJDK, some distributions of the OpenJDK (such as RHEL/CentOS and Ubuntu) come with unlimited strength JCE automatically and therefore, installation of JCE is not required.
Launch the Kerberos Wizard (Automated Setup)
Choose the Kerberos Wizard Automated Setup if you will use an existing MIT KDC or Active Directory, as opposed to managing Kerberos principals and keytabs manually.
© 2012–2019, Hortonworks, Inc.
Document licensed under the
Creative Commons Attribution ShareAlike 4.0 License
.
Hortonworks.com
|
Documentation
|
Support
|
Community