Enabling Kerberos Security
Whether you choose automated or manual Kerberos setup, Ambari provides a wizard to help with enabling Kerberos in the cluster. This section provides information on preparing Ambari before running the wizard, and the steps to run the wizard.
Prerequisites
- Having the JCE installed on all hosts on the cluster (including the Ambari Server).
- Having the Ambari Server host as part of the cluster.
- Create mappings between principals and UNIX user names. . Creating mappings can help resolve access issues related to case mismatches between principal and local user names.
Exclusions
Ambari Metrics will not be secured with Kerberos unless it is configured for distributed metrics storage. By default, it uses embedded metrics storage and will not be secured as part of the Kerberos Wizard. If you wish to have Ambari Metrics secured with Kerberos, please see “Customizing the Metrics Collector Mode” to enable distributed metrics storage prior to running the Kerberos Wizard.
Centrify Server Suite
If Centrify is installed and being used on any of the servers in the cluster, it is critical that you refer to Centrify's integration guide before attempting to enable Kerberos Security on your cluster. The documentation can be found in the Centrify Server Suite documentation library. A direct link to the Hortonworks-specific configuration guide can be found below.