Enable Kerberos on Ambari

Install a new MIT KDC

Install the KDC server

  1. Install a new version of the KDC server

    yum install -y krb5-server krb5-libs krb5-workstation
  2. Update the Kerberos configuration file on the KDC server

    vi /etc/krb5.conf
    1. Update the realm name and ensure the value of “renew_lifetime” is “7d”

      [libdefaults]
      default_realm = BIGDATA.COM
      dns_lookup_realm = false
      dns_lookup_kdc = false
      ticket_lifetime = 24h
      renew_lifetime = 7d
      forwardable = true
    2. Update the “realms” section

      [realms]
      BIGDATA.COM = {
        kdc = master1.bigdata.com
        admin_server = master1.bigdata.com
      }
    3. Update the “domain_realm” section

      [domain_realm]
      .bigdata.com = BIGDATA.COM
      bigdata.com = BIGDATA.COM
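
A consistency check for the three sections edited above, as an added example that is not part of the original post: it verifies that default_realm has a [realms] entry with kdc and admin_server, that renew_lifetime is 7d, and that every [domain_realm] mapping points at a defined realm. The function names and the sample text are assumptions made for illustration, and the parser handles only the flat layout shown in this post.

```python
# Constructed sample mirroring the three sections edited above.
GOOD = """\
[libdefaults]
default_realm = BIGDATA.COM
renew_lifetime = 7d
[realms]
BIGDATA.COM = {
  kdc = master1.bigdata.com
  admin_server = master1.bigdata.com
}
[domain_realm]
.bigdata.com = BIGDATA.COM
bigdata.com = BIGDATA.COM
"""

def parse_krb5(text):
    """Parse sections, 'key = value' lines and one level of '{ }' blocks."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line[0] == "[" and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None                  # end of a realm block
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def check_krb5(text):
    """Return a list of inconsistencies; an empty list means the file is coherent."""
    conf = parse_krb5(text)
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    realm, problems = lib.get("default_realm"), []
    if realm not in realms:               # realm names are case-sensitive
        problems.append(f"default_realm {realm} has no [realms] entry")
    for key in ("kdc", "admin_server"):
        if key not in realms.get(realm, {}):
            problems.append(f"realm {realm} has no {key}")
    if lib.get("renew_lifetime") != "7d":
        problems.append("renew_lifetime is not 7d")
    for domain, target in conf.get("domain_realm", {}).items():
        if target not in realms:
            problems.append(f"{domain} maps to undefined realm {target}")
    return problems
```

To check the real file, pass its contents: `check_krb5(open("/etc/krb5.conf").read())`.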

Create the Kerberos database

kdb5_util create -s

Start the KDC

/etc/rc.d/init.d/krb5kdc start
/etc/rc.d/init.d/kadmin start

Set up the KDC server to auto-start on boot.

chkconfig krb5kdc on
chkconfig kadmin on

Create a Kerberos Admin

You need to create an admin account and then provide its credentials to Ambari when enabling Kerberos.

  1. Create a KDC admin

    kadmin.local -q "addprinc admin/admin"
  2. Ensure that the kadmin ACL file authorizes this admin account in the realm. The entry below gives every principal with the admin instance in BIGDATA.COM all privileges.

    vi /var/kerberos/krb5kdc/kadm5.acl

    */admin@BIGDATA.COM *
  3. Restart the kadmin process

    /etc/rc.d/init.d/kadmin restart

Install the JCE

If the JDK you use already contains the JCE, skip this step.

  1. Download the specific version of the JCE file

    For Oracle JDK 1.8:

    http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

    For Oracle JDK 1.7:

    http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
  2. Add the JCE file to the JDK installation directory

    $JAVA_HOME/jre/lib/security/

Enabling Kerberos

  1. Enter the Kerberos configuration

[Screenshot: click the top of the website]

[Screenshot: enable the kerberos]

  2. Choose the type of KDC

  3. Configure Kerberos

  4. Install and test the Kerberos client

  5. Configure identities
    You can just click the “Next” button.

  6. Confirm configuration
    You need to download the CSV file that contains a list of the principals and keytabs.

  7. Stop services

  8. Kerberize cluster

  9. Start and test services