3. Setting up Ambari for Kerberos

To turn on Kerberos-based security in the Ambari Web GUI you must:

  1. Have already set up Kerberos for your cluster. For more information, see Preparing Kerberos for Hadoop.

  2. Go to the Admin tab.

  3. Select Security.

  4. Click Enable Security and follow the Enable Security Wizard.

    1. Get Started: This step just reminds you that you need to set up Kerberos before you start.

    2. Configure Services: This step asks you for your Kerberos information: principals and paths to keytabs, path to your Kerberos tools, realm names and so on. For more information about a specific field, hover over it, and a pop-up window with a definition displays.

    3.  Create Principals and Keytabs: Use this step to check that all your information is correct. Click Back to make any changes. Click Apply when you are satisfied with the assignments.


      If you have a large cluster, you may want to go to the Create Principals and Keytabs step first. Step through the wizard accepting the defaults to get to the appropriate page. On the page, use the Download CSV button to get a list of all the necessary principals and keytabs in CSV form, which can be used to set up a script. The list includes hostname, principal description, principal name, keytab user, keytab group, keytab permissions, absolute keytab path, and keytab filename.

    4. Save and Apply Configuration: This step displays a bar showing the progress of integrating the Kerberos information into your Ambari Server.