Ambari Security Guide
Also available as:
PDF
loading table of contents...

Running the Kerberos Security Wizard

Ambari provides three options for enabling Kerberos:

  • Existing MIT KDC

  • Existing Active Directory

  • Manage Kerberos principals and keytabs manually

When choosing Existing MIT KDC or Existing Active Directory, the Kerberos Wizard prompts for information related to the KDC, the KDC Admin Account and the Service and Ambari principals. Once provided, Ambari will automatically create principals, generate keytabs and distribute keytabs to the hosts in the cluster. The services will be configured for Kerberos and the service components are restarted to authenticate against the KDC. This is the Automated Setup option. See Launching the Kerberos Wizard (Automated Setup) for more details.

When choosing Manage Kerberos principals and keytabs manually, you must create the principals, generate and distribute the keytabs. Ambari will not do this automatically. This is the Manual Setup option. See Launching the Kerberos Wizard (Manual Setup) for more details.