Hadoop Security Guide
Also available as:
PDF
loading table of contents...

Installing and Configuring the KDC

Ambari is able to configure Kerberos in the cluster to work with an existing MIT KDC, or existing Active Directory installation. This section describes the steps necessary to prepare for this integration.

[Note]Note

If you do not have an existing KDC (MIT or Active Directory), install a new MIT KDC. Please be aware that installing a KDC on a cluster host after installing the Kerberos client may overwrite the krb5.conf file generated by Ambari.

You can choose to have Ambari connect to the KDC and automatically create the necessary Service and Ambari principals, generate and distribute the keytabs (“Automated Kerberos Setup”). Ambari also provides an advanced option to manually configure Kerberos. If you choose this option, you must create the principals, generate and distribute the keytabs. Ambari will not do this automatically (“Manual Kerberos Setup”).

Supported Key Distribution Center (KDC) Versions

  • Microsoft Active Directory 2008 and above

  • MIT Kerberos v5