I am looking for integration of Free IPA and Kerberos as ambari doesnt support FreeIPA,I have followed workshop of Ali bajwa mentioned on this link https://github.com/abajwa-hw/security-workshops and also read the article of David Streever on this link:https://community.hortonworks.com/articles/811/manual-keytab-principal-creation-for-ipa-to-suppor.html. I want to wget the kerberos .csv file before enabling kerberos and change realm name and edit keytabs field in kerberos.csv file by deleting Clustername so that its not cluster specific as mentioned in above links.I am trying this approach to make kerberos.csv file identical to file obtained by Using amabri UI to enable kerberos and the configure realm name and keytabs and then click on Download CSV file option.
Thanks in advance!
@vipin:Is there any rest api for kerberos by which we can define cluster name and realm name that is provided via ambari UI from terminal to generate the csv file of kerberos
Hello @Chandan Singh,
Yes, it is possible to use REST APIs to achieve that. But first, you need to follow some prerequisite process to arrive at that info. Basically you need to create a Kerberos descriptor in Ambari configuration by following this link here: https://cwiki.apache.org/confluence/display/AMBARI/Automated+Kerberizaton#AutomatedKerberizaton-TheR...
Once the Kerberos descriptor is created, you can use this API call to extract csv data of Kerberos configuration:
curl -H "Content-Type: application/text" -H 'X-Requested-By: ambari' -u admin:admin -i -X GET "http://127.0.0.1:8080/api/v1/clusters/Sandbox/kerberos_identities?fields=*&format=csv"
Hope this helps.