Installing the JCE

Before enabling Kerberos in the cluster, you must deploy the Java Cryptography Extension (JCE) security policy files on the Ambari Server and on all hosts in the cluster.

	Important
	If you are using Oracle JDK, you must distribute and install the JCE on all hosts in the cluster, including the Ambari Server. Be sure to restart Ambari Server after installing the JCE. If you are using OpenJDK, some distributions of the OpenJDK come with unlimited strength JCE automatically and therefore, installation of JCE is not required.

On the Ambari Server, obtain the JCE policy file appropriate for the JDK version in your cluster.
- For Oracle JDK 1.8:
  http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
- For Oracle JDK 1.7:
  http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Save the policy file archive in a temporary location.
On Ambari Server and on each host in the cluster, add the unlimited security policy JCE jars to $JAVA_HOME/jre/lib/security/.
For example, run the following to extract the policy jars into the JDK installed on your host:
```
unzip -o -j -q jce_policy-8.zip -d /usr/jdk64/jdk1.8.0_60/jre/lib/security/
```
Restart Ambari Server.

​Installing the JCE

Installing the JCE