Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Free IPA and Kerberos integration by automating manual steps

Highlighted

Free IPA and Kerberos integration by automating manual steps

New Contributor

Hi ,

I am looking for integration of Free IPA and Kerberos as ambari doesnt support FreeIPA,I have followed workshop of Ali bajwa mentioned on this link https://github.com/abajwa-hw/security-workshops and also read the article of David Streever on this link:https://community.hortonworks.com/articles/811/manual-keytab-principal-creation-for-ipa-to-suppor.html. I want to wget the kerberos .csv file before enabling kerberos and change realm name and edit keytabs field in kerberos.csv file by deleting Clustername so that its not cluster specific as mentioned in above links.I am trying this approach to make kerberos.csv file identical to file obtained by Using amabri UI to enable kerberos and the configure realm name and keytabs and then click on Download CSV file option.

Thanks in advance!

3 REPLIES 3
Highlighted

Re: Free IPA and Kerberos integration by automating manual steps

Guru

Hello @Chandan Singh, may we know what is your question?

Re: Free IPA and Kerberos integration by automating manual steps

New Contributor

@vipin:Is there any rest api for kerberos by which we can define cluster name and realm name that is provided via ambari UI from terminal to generate the csv file of kerberos

Highlighted

Re: Free IPA and Kerberos integration by automating manual steps

Guru

Hello @Chandan Singh,

Yes, it is possible to use REST APIs to achieve that. But first, you need to follow some prerequisite process to arrive at that info. Basically you need to create a Kerberos descriptor in Ambari configuration by following this link here: https://cwiki.apache.org/confluence/display/AMBARI/Automated+Kerberizaton#AutomatedKerberizaton-TheR...

Once the Kerberos descriptor is created, you can use this API call to extract csv data of Kerberos configuration:

curl -H "Content-Type: application/text" -H 'X-Requested-By: ambari' -u admin:admin -i -X GET  "http://127.0.0.1:8080/api/v1/clusters/Sandbox/kerberos_identities?fields=*&format=csv"

Hope this helps.

Don't have an account?
Coming from Hortonworks? Activate your account here