You may want to integrate Kerberos authentication into your Ambari Server implementation. If you do follow the next few steps. It’s that easy.
Step 1: Stop Ambari Server
- sudo ambari-server stop
Step 2: Create keytab file
- ktutil
- addent -password -p ##USER##@##DOMAIN##.COM -k 1 -e RC4-HMAC
- # Enter password
- wkt ##USER##.keytab
- q
- $ sudo mkdir /etc/security/keytabs
- $ mv ##USER##.keytab /etc/security/keytabs
Step 3: Test Keytab. You should see the ticket once you klist.
- kinit -kt /etc/security/keytabs/ambarisa.keytab -a ambarisa@AERYON.COM
- klist
Step 4: Run Ambari Server Kerberos Setup
- sudo ambari-server setup-kerberos
Follow the prompts. Say true to enabling kerberos. The keytab file will be the /etc/security/##USER##.keytab file. You should be able to leave the rest defaults. Save the settings and you are done.
Step 5: Remove the kinit ticket you created that way you can make sure you kerberos authentication is working correctly.
- kdestroy
Step 6: Start Ambari Server
- sudo ambari-server start
Step 7: Validate Kerberos. You should see your ticket get created and you should now be able to login with no issues.
- klist