Before enabling Kerberos in the cluster, you must deploy the Java Cryptography Extension (JCE) security policy files on the Ambari Server and on all hosts in the cluster. Depending on your choice of JDK and if your Ambari Server has Internet Access, Ambari has a few options and actions for you to pursue.
JCE Options and Actions
Scenario |
Action |
---|---|
If you have Internet Access and selected Oracle JDK 1.6 or Oracle JDK 1.7 during Ambari Server setup. |
Ambari automatically downloaded the JCE policy files (that match the JDK) and installed the JCE onto the Ambari Server. You must distribute and install the JCE on all hosts. |
If you have Internet Access and selected Custom JDK during Ambari Server setup. |
The JCE has not been downloaded or installed on the Ambari Server or the hosts in the cluster. You must distribute and install the JCE on Ambari and all hosts. |
If you do not have Internet Access and selected Custom JDK during Ambari Server setup. |
The JCE has not been downloaded or installed on the Ambari Server or the hosts in the cluster. You must distribute and install the JCE on Ambari and all hosts. |
If you have a previous Ambari install and upgraded to Ambari 2.0.0. |
The JCE has not been downloaded or installed on the Ambari Server or the hosts in the cluster. You must distribute and install the JCE on Ambari and all hosts. |