Support Questions

shidarah · ‎10-24-2017

I want to use High Availability for kerberos.

If anyone have the method, Please give me the infomation.

Regards,

rlevas · ‎10-24-2017

Your question is a bit broad. Are you looking to set up a KDC (or Active Directory) for high availability or configure Ambari to connect to replicated KDCs or Active Directories?

If you are looking to set up a replicated KDC, this is probably not the forum for that. However if you are setting up an MIT KDC, you can following docs from https://web.mit.edu/kerberos/krb5-devel/doc/admin/install_kdc.html.

From the Ambari side, as of Ambari 2.4.0, you can specify multiple KDC hosts to be set in the Ambari-managed krb5.conf file. Also, you will want to set the master_kdc value for the realm. There is a field in the Enable Kerberos Wizard in Ambari 2.5.1 and above for this (Advanced kerberos-env -> Master KDC host) or you can manually add it to the krb5.conf template under "Advanced krb5-conf".

Whether the krb5,conf file is managed by Ambari or not, the realm specification for your realm should look something like

    EXAMPLE.COM = {
        kdc = kdc1.example.com
        kdc = kdc2.example.com
        master_kdc = kdc1.example.com
    }

View solution in original post

jsensharma · ‎10-24-2017

@Hiroshi Shidara

From Ambari 2.4 onwards you can define "kdc_hosts" which can have comma separated values for KDC : https://issues.apache.org/jira/browse/AMBARI-13240

Apache Ambari Docs: https://cwiki.apache.org/confluence/display/AMBARI/Automated+Kerberizaton#AutomatedKerberizaton-kdc_...

.

shidarah · ‎10-25-2017

@Jay SenSharma

Thank you for your infomation and the document.

I refer to it.

rlevas · ‎10-24-2017

@Hiroshi Shidara

Your question is a bit broad. Are you looking to set up a KDC (or Active Directory) for high availability or configure Ambari to connect to replicated KDCs or Active Directories?

If you are looking to set up a replicated KDC, this is probably not the forum for that. However if you are setting up an MIT KDC, you can following docs from https://web.mit.edu/kerberos/krb5-devel/doc/admin/install_kdc.html.

From the Ambari side, as of Ambari 2.4.0, you can specify multiple KDC hosts to be set in the Ambari-managed krb5.conf file. Also, you will want to set the master_kdc value for the realm. There is a field in the Enable Kerberos Wizard in Ambari 2.5.1 and above for this (Advanced kerberos-env -> Master KDC host) or you can manually add it to the krb5.conf template under "Advanced krb5-conf".

Whether the krb5,conf file is managed by Ambari or not, the realm specification for your realm should look something like

    EXAMPLE.COM = {
        kdc = kdc1.example.com
        kdc = kdc2.example.com
        master_kdc = kdc1.example.com
    }

Manjunath · ‎04-08-2019

Hi Robert,

Could you please clarify me some doubts.

I have installed kerberos in my cluster and its working fine.

Now i have to enable HA for Kerberos so as per my understanding I should install KDC in another server which acts as Standby and then I should update krb5.conf file on both servers as mentioned above.

Is my understanding correct? if not could you please guide me through the steps to enable HA.

Kind Regards,

Manjunath P N

rlevas · ‎04-08-2019

@Manjunath P N. I am not sure of all the steps, but they should be outlined here - https://web.mit.edu/kerberos/krb5-devel/doc/admin/install_kdc.html.

shidarah · ‎10-25-2017

@Robert Levas

@Jay Sensharma

Thank you for your infomation.

We will try the practice.

Cloudera Community

Cloudera Community

Support Questions

How to setup High Availability for kerberos