Security
Also available as:
PDF
loading table of contents...

Enabling Kerberos on Ambari

Once you have completed the prerequisites, you are ready to enable Kerberos for Ambari.

  1. From the Ambari UI, click Admin, and select Kerberos.

  2. Click Enable Kerberos to launch the Enable Kerberos Wizard.

  3. From the Get Started screen, select the type of KDC you want to use.

  4. Provide information about the KDC and admin account.

    1. In the KDC section, enter the following information:

      • In the KDC Host field, the IP address or FQDN for the KDC host. Optionally a port number may be included.

      • In the Realm name field, the default realm to use when creating service principals.

      • (Optional) In the Domains field, provide a list of patterns to use to map hosts in the cluster to the appropriate realm. For example, if your hosts have a common domain in their FQDN such as host1.hortonworks.local and host2.hortonworks.local, you would set this to:

        .hortonworks.local,hortonworks.local

    2. In the Kadmin section, enter the following information:

      • In the Kadmin Host field, the IP address or FQDN for the KDC administrative host. Optionally a port number may be included.

      • The Admin principal and password that will be used to create principals and keytabs.

      • (Optional) If you have configured Ambari for encrypted passwords, the Save Admin Credentials option will be enabled. With this option, you can have Ambari store the KDC Admin credentials to use when making cluster changes.

  5. From the Install and Test Kerberos Client page, proceed with the install. Click Next when complete.

  6. From the Configure Identities page, you can customize the Kerberos identities as needed, and proceed to kerberize the cluster.

    Be sure to review the principal names, particularly the Ambari Principals on the General tab. These principal names, by default, append the name of the cluster to each of the Ambari principals. You can leave this as default or adjust these by removing the "-${cluster-name}" from principal name string.

    Click the Advanced tab to review the principals and keytabs for each service.

  7. Confirm your configurations, and click next to proceed kerberizing your cluster.