Created on 10-24-2017 10:51 AM - edited 09-16-2022 05:26 AM
I want to use High Availability for kerberos.
If anyone have the method, Please give me the infomation.
Regards,
Created 10-24-2017 12:22 PM
Your question is a bit broad. Are you looking to set up a KDC (or Active Directory) for high availability or configure Ambari to connect to replicated KDCs or Active Directories?
If you are looking to set up a replicated KDC, this is probably not the forum for that. However if you are setting up an MIT KDC, you can following docs from https://web.mit.edu/kerberos/krb5-devel/doc/admin/install_kdc.html.
From the Ambari side, as of Ambari 2.4.0, you can specify multiple KDC hosts to be set in the Ambari-managed krb5.conf file. Also, you will want to set the master_kdc value for the realm. There is a field in the Enable Kerberos Wizard in Ambari 2.5.1 and above for this (Advanced kerberos-env -> Master KDC host) or you can manually add it to the krb5.conf template under "Advanced krb5-conf".
Whether the krb5,conf file is managed by Ambari or not, the realm specification for your realm should look something like
EXAMPLE.COM = { kdc = kdc1.example.com kdc = kdc2.example.com master_kdc = kdc1.example.com }
Created 10-24-2017 11:57 AM
From Ambari 2.4 onwards you can define "kdc_hosts" which can have comma separated values for KDC : https://issues.apache.org/jira/browse/AMBARI-13240
Apache Ambari Docs: https://cwiki.apache.org/confluence/display/AMBARI/Automated+Kerberizaton#AutomatedKerberizaton-kdc_...
.
Created 10-25-2017 04:16 AM
Created 10-24-2017 12:22 PM
Your question is a bit broad. Are you looking to set up a KDC (or Active Directory) for high availability or configure Ambari to connect to replicated KDCs or Active Directories?
If you are looking to set up a replicated KDC, this is probably not the forum for that. However if you are setting up an MIT KDC, you can following docs from https://web.mit.edu/kerberos/krb5-devel/doc/admin/install_kdc.html.
From the Ambari side, as of Ambari 2.4.0, you can specify multiple KDC hosts to be set in the Ambari-managed krb5.conf file. Also, you will want to set the master_kdc value for the realm. There is a field in the Enable Kerberos Wizard in Ambari 2.5.1 and above for this (Advanced kerberos-env -> Master KDC host) or you can manually add it to the krb5.conf template under "Advanced krb5-conf".
Whether the krb5,conf file is managed by Ambari or not, the realm specification for your realm should look something like
EXAMPLE.COM = { kdc = kdc1.example.com kdc = kdc2.example.com master_kdc = kdc1.example.com }
Created 04-08-2019 09:29 AM
Hi Robert,
Could you please clarify me some doubts.
I have installed kerberos in my cluster and its working fine.
Now i have to enable HA for Kerberos so as per my understanding I should install KDC in another server which acts as Standby and then I should update krb5.conf file on both servers as mentioned above.
Is my understanding correct? if not could you please guide me through the steps to enable HA.
Kind Regards,
Manjunath P N
Created 04-08-2019 12:18 PM
@Manjunath P N. I am not sure of all the steps, but they should be outlined here - https://web.mit.edu/kerberos/krb5-devel/doc/admin/install_kdc.html.
Created 10-25-2017 04:14 AM