4.3. Enabling Kerberos Security

Ambari supports the Kerberos protocol which allows nodes in your cluster to prove their identites, or authenticate in a secure manner. To enable Kerberos security you must:

  1. Set up Kerberos for your cluster. For more information on setting up Kerberos, see Setting Up Kerberos for Use with Ambari.

  2. Choose Enable Security and follow the Enable Security Wizard.

    1. Get Started: Read the overview of the procedure necessary to set up Kerberos, supported by the Enable Security Wizard.

    2. Configure Services: Prompts you to provide the information required to implement Kerberos for each Hadoop service in your HDP cluster, including principals and paths to keytabs, path to your Kerberos tools, realm names and so on. For more information about a specific field, hover your cursor over the field until a pop-up window that provides a definition appears.

    3. Create Principals and Keytabs: Use this step to check that all your information is correct. Click Back to make any changes. Click Apply when you are satisfied with the assignments.

      [Note]Note

      If you have a large cluster, you may want to go to the Create Principals and Keytabs step first. Step through the wizard accepting the defaults to get to the appropriate page. On the page, use the Download CSV button to get a list of all the necessary principals and keytabs in CSV form, which can be used to set up a script. The list includes hostname, principal description, principal name, keytab user, keytab group, keytab permissions, absolute keytab path, and keytab file name.

    4. Save and Apply Configuration: This step displays a bar showing the progress of integrating the Kerberos information into your Ambari Server.


loading table of contents...