Installing Apache Ranger KMS
Also available as:

Use a Kerberos Principal for the Ranger KMS Repository

To manage access policies for Ranger KMS, a repository is needed with Ranger for the Ranger KMS service. Ambari creates the repository automatically using the repository config user and password provided. The repository config user also needs to be created as a principal in Kerberos with a password. Use the following steps to use a Kerberos principal for the Ranger KMS repository.

In Ranger, all access policies are configured within a repository for each service..
  1. Create system user keyadmin which should be sync in User Tabs in Ranger Admin.
  2. Create principal keyadmin@EXAMPLE.COM with password keyadmin: kadmin.local -q 'addprinc -pw keyadmin keyadmin'.
  3. On the Add Service wizard Customize Services page, set the required values (marked in red).
  4. Under ranger-kms-properties, set the principal and password in the REPOSITORY_CONFIG_USERNAME and REPOSITORY_CONFIG_PASSWORD fields.
  5. To check logs, select Audit to DB under Advanced ranger-kms-audit.
  6. Click Next to continue with the Ranger KMS Add Service wizard.