Use a Kerberos Principal for the Ranger KMS Repository
To manage access policies for Ranger KMS, Ranger needs a repository for the Ranger KMS service. Ambari creates the repository automatically using the repository config user and password provided. The repository config user must also be created as a principal in Kerberos with a password. Follow these steps to use a Kerberos principal for the Ranger KMS repository.
- Create the system user keyadmin, which should be synced in User Tabs in Ranger Admin.
- Create the principal: kadmin.local -q 'addprinc -pw keyadmin keyadmin'
- On the Add Service wizard Customize Services page, set the required values (marked in red).
- Under ranger-kms-properties, set the principal and password in the REPOSITORY_CONFIG_USERNAME and REPOSITORY_CONFIG_PASSWORD fields.
- To check logs, select Audit to DB under Advanced ranger-kms-audit.
- Click Next to continue with the Ranger KMS Add Service wizard.
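
The first two steps scripted so that the principal gets a random password that is never typed on a command line, as an added example that is not part of the original documentation. The helper names and the KADMIN variable are hypothetical; it assumes kadmin.local accepts commands on standard input and that the script runs as root on the KDC host.

```shell
#!/bin/sh
# Added example: helper names and the KADMIN variable are hypothetical.
KADMIN=${KADMIN:-kadmin.local}   # override to point at a different kadmin binary

# Step 1 check: does the system user exist on this host?
user_exists() {
    id -u "$1" >/dev/null 2>&1
}

# 18 random bytes as 36 hex characters; hex needs no quoting in a kadmin query.
gen_password() {
    od -An -N18 -tx1 /dev/urandom | tr -d ' \n'
}

# Step 2: create the principal. printf is a shell builtin, so the password
# goes down the pipe to kadmin's stdin and never appears in a process
# argument list or in shell history.
create_principal() {   # $1 = principal, $2 = password
    printf 'addprinc -pw %s %s\n' "$2" "$1" | "$KADMIN"
}

# Check the KDC database by looking for the "Principal: name@REALM" line
# that getprinc prints for an existing principal.
principal_exists() {
    printf 'getprinc %s\n' "$1" | "$KADMIN" 2>/dev/null | grep -q "Principal: $1@"
}

# Full flow for the repository config user.
# Assumption: the system user is created on the same host as the KDC.
setup_repo_principal() {
    user=${1:-keyadmin}
    user_exists "$user" || useradd "$user" || return 1
    pw=$(gen_password)
    create_principal "$user" "$pw" >/dev/null || return 1
    principal_exists "$user" || return 1
    # Print once so it can be entered as REPOSITORY_CONFIG_PASSWORD in Ambari.
    printf '%s\n' "$pw"
}

# Usage (not run automatically):  setup_repo_principal keyadmin
```

The value printed by setup_repo_principal is what goes into REPOSITORY_CONFIG_PASSWORD, with keyadmin as REPOSITORY_CONFIG_USERNAME.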