Before enabling
Kerberos in the cluster, you must deploy the Java Cryptography Extension (JCE) security
policy files on the Ambari Server and on all hosts in the cluster, including the Ambari
Server. If you are using OpenJDK, some distributions of the OpenJDK (such as RHEL/CentOS and
Ubuntu) come with unlimited strength JCE automatically and therefore, installation of JCE is
not required.
-
On the Ambari Server, obtain the JCE policy file appropriate for the JDK
version in your cluster:
wget --no-check-certificate --no-cookies --header "Cookie:
oraclelicense=accept-securebackup-cookie"
"http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip"
-
Save the policy file archive in a temporary location.
-
On Ambari Server and on each host in the cluster, add the unlimited security
policy JCE jars to
$JAVA_HOME/jre/lib/security/
.
For example, run the following to extract the policy jars into the JDK
installed on your host:
unzip -o -j -q jce_policy-8.zip -d /usr/jdk64/jdk1.8.0_40/jre/lib/security/
-
Restart Ambari Server:
sudo ambari-server restart
.
Proceed to “Running the Kerberos Security Wizard”.