Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Commands to add HTTP principals to spnego keytab file for AD integrated Kerberose cluster

avatar
Rising Star

I am trying to enable HA for Ranger Admin and for that need to add all of the Ranger Admin Hosts HTTP principals and LoadBalancer principal to the same spnego keytab file. Need instructions on creating AD user (hint to script which Ambari uses to create new principals and keytab files) and add principals into the single keytab file.

1 ACCEPTED SOLUTION

avatar
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
5 REPLIES 5

avatar
Master Guru
@Saikiran Parepally

I think Ambari uses APIs for creating principals. Instead of going for a complex way, Easiest way is - you can use 'ktpass' to extract principals in keytab.

Please see - https://technet.microsoft.com/en-us/library/cc753771(v=ws.11).aspx

Hope this information helps!

avatar
Guru

Hello @Saikiran Parepally,

To add to @Kuldeep Kulkarni's answer, you can find the instruction to create AD user and keytab, here :

https://community.hortonworks.com/content/supportkb/48973/how-to-setup-kerberos-keytab-for-hadoop-se...

Once you have generated keytabs for all the required principals, you can copy them to Ranger Admin node(s) and use "ktutil" command from Kerberos package to merge all keytabs into one. Like this:

# ktutil
ktutil:  rkt /tmp/service1.keytab
ktutil:  rkt /tmp/service2.keytab
ktutil:  rkt /tmp/service3.keytab
ktutil:  wkt /tmp/combined.keytab
ktutil:  exit

Hope this helps !

avatar
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar
Rising Star

@Robert Levas @Kuldeep Kulkarni @Vipin Rathor ... Thanks a lot for your responses. Initially our AD team was hesitant to create principals for LoadBalancer and thats the reason why I was looking at Ambari scripts to create that. Now they are convinced and created principal for loadbalancer in AD. I followed ktutil steps mentioned by @Vipin Rathor to merge keytabs as suggested by @Robert Levas. This has solved the issue and I am successfully able to sync policies.

avatar