Configuring Authentication with Kerberos
Also available as:
PDF
loading table of contents...

Launch the Kerberos Wizard (Manual Setup)

Choose the Kerberos Wizard Manual Setup if you will manage Kerberos principals and keytabs manually, as opposed to using an existing MIT KDC or Active Directory.

  1. Be sure you have installed and configured your KDC and have prepared the JCE on each host in the cluster.
  2. Log in to Ambari Web and Browse to Admin > Kerberos.
  3. Click “Enable Kerberos” to launch the wizard.
  4. Select the Manage Kerberos principals and keytabs manually option and confirm you have met the prerequisites.
  5. Provide information about the KDC and admin account.
    If your Kerberos client libraries are in non-standard path locations, expand the Advanced kerberos-env section and adjust the “Executable Search Paths” option.
  6. Customize the Kerberos identities used by Hadoop and proceed to kerberize the cluster.
    On the Configure Identities step, be sure to review the principal names, particularly the Ambari Principals on the General tab. These principal names, by default, append the name of the cluster to each of the Ambari principals. You can leave this as default or adjust these by removing the "-${cluster-name}" from principal name string. For example, if your cluster is named HDP and your realm is EXAMPLE.COM, the hdfs principal will be created as hdfs-HDP@EXAMPLE.COM.
  7. Confirm your configuration. Since you have chosen the Manual Kerberos Setup option, obtain the CSV file for the list of principals and keytabs required for the cluster to work with Kerberos. Do not proceed until you have manually created and distributed the principals and keytabs to the cluster hosts.
  8. Click Next to continue.
  9. Ambari updates the cluster configurations, then starts and tests the Services in the cluster.
  10. Exit the wizard when complete.
  11. Finish by completing “Set Up Kerberos for Ambari Server”.