
How does Ambari Create Service and User Principals and keytabs when Windows AD is used as KDC


How does Ambari automatically create service principals and user principals?

I am not an expert in Java and hence I would be greatly thankful to anyone who can point out the code in GitHub or somewhere which provides me the commands used in the code to create service principals, user principals and keytabs when Windows AD is used as KDC.

Thanks for your time

2 REPLIES

Re: How does Ambari Create Service and User Principals and keytabs when Windows AD is used as KDC

@Sriram

Ambari pretty much does what the following article shows - How to create AD principal accounts using OpenLdap utilities and adding it to a keytab.

Using the Active Directory's LDAP interface (via JNDI) an account is created with the relevant attributes set (same ones from the article). The password for the account is randomly generated by Ambari so it can internally create the keytab file for that account. Finally the keytab file is distributed to the relevant host(s).

The AD-specific logic to create the Kerberos principals is in the ADKerberosOperationHandler class. This extends the KerberosOperationHandler class which contains most of the logic used to create the keytab files.
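The account-creation step described in the reply above, sketched as an added example (not part of the original reply and not Ambari's own code): it generates the random password, encodes it the way AD's `unicodePwd` attribute requires, and emits the LDIF record for the account. The attribute set and flag values follow common AD conventions and are assumptions, as are the realm, container DN and principal names.

```python
import base64
import re
import secrets
import string

# Assumption (standard AD flag values, not quoted from the page):
# NORMAL_ACCOUNT (0x200) | DONT_EXPIRE_PASSWORD (0x10000) = 66048
USER_ACCOUNT_CONTROL = 0x200 | 0x10000


def random_password(length=32):
    """Random password from the OS CSPRNG; only the keytab keys derived from it are kept."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until upper, lower and digit are all present (AD complexity policy).
        if all(any(f(c) for c in pw) for f in (str.isupper, str.islower, str.isdigit)):
            return pw


def encode_unicode_pwd(password):
    """AD accepts unicodePwd only as the double-quoted password in UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def build_ldif(principal, realm, container_dn, password, is_service=True):
    """LDIF 'add' record for one AD account backing a Kerberos principal."""
    rdn = re.sub(r'([,+"\\<>;=])', r"\\\1", principal)  # RFC 4514 escaping for the DN
    lines = ["dn: CN=%s,%s" % (rdn, container_dn), "changetype: add"]
    lines += ["objectClass: " + oc for oc in ("top", "person", "organizationalPerson", "user")]
    lines.append("cn: " + principal)
    if is_service:  # only service principals (primary/host) carry an SPN
        lines.append("servicePrincipalName: " + principal)
    lines.append("userPrincipalName: %s@%s" % (principal, realm))
    # '::' marks a base64 value in LDIF; AD only accepts this write over an encrypted connection
    lines.append("unicodePwd:: " + base64.b64encode(encode_unicode_pwd(password)).decode("ascii"))
    lines += ["accountExpires: 0", "userAccountControl: %d" % USER_ACCOUNT_CONTROL]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample values (realm, container and principal are placeholders).
    pw = random_password()
    print(build_ldif("nn/host1.example.com", "EXAMPLE.COM", "OU=hadoop,DC=example,DC=com", pw))
```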

Re: How does Ambari Create Service and User Principals and keytabs when Windows AD is used as KDC


@Robert Levas Thanks a lot for your help on this.
