Created 09-21-2017 08:04 AM
Hi, I have installed HDP 2.5 and Ambari 2.4. I have configured a KDC server and then tried to enable Kerberos, but my /etc/krb5.conf file is getting changed, and it fails with this error:
Command: [/usr/bin/kadmin, -s, abc.example.com, -p, root/admin@example.COM, -r, example.COM, -q, get_principal root/admin@example.COM]
ExitCode: 1
STDOUT: Authenticating as principal root/admin@example.COM with password.
Password for root/admin@example.COM:
STDERR: kadmin: Cannot read password while initializing kadmin interface
21 Sep 2017 12:21:16,295 ERROR [ambari-client-thread-32897] KerberosHelperImpl:1861 - Cannot validate credentials: org.apache.ambari.server.AmbariException: Unexpected error condition executing the kadmin command
21 Sep 2017 12:21:16,296 ERROR [ambari-client-thread-32897] AbstractResourceProvider:285 - Caught AmbariException when creating a resource
Created 09-21-2017 10:29 AM
Note that krb5-auth-dialog is optional.
Assuming you installed the KDC server
yum -y install krb5-server krb5-libs krb5-auth-dialog
Assuming you installed the KDC clients
yum -y install krb5-auth-dialog krb5-workstation
Your /etc/krb5.conf looks like below and is copied to all the hosts in the cluster
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 EXAMPLE.COM = {
  kdc = kdc.example.com
  admin_server = kdc.example.com
 }

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM
Your kdc.conf should resemble this
[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 EXAMPLE.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
 }
Your kadm5.acl in /var/kerberos/krb5kdc should be as below
*/admin@EXAMPLE.COM *
Can you create an admin principal as follows
# kadmin.local -q "addprinc admin/admin"
Authenticating as principal admin/admin@EXAMPLE.COM with password.
WARNING: no policy specified for admin/admin@EXAMPLE.COM; defaulting to no policy
Enter password for principal "admin/admin@EXAMPLE.COM":
Re-enter password for principal "admin/admin@EXAMPLE.COM":
Principal "admin/admin@EXAMPLE.COM" created.
This is the principal you should use for the Ambari Kerberos; make sure you have started the appropriate daemons below
Centos7/RHEL7
# systemctl start krb5kdc
# systemctl start kadmin
Centos6/RHEL6
# service krb5kdc start
# service kadmin start
All should be fine; please let me know.
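As an added example (not part of the original answer or of Ambari): Kerberos realm names are case-sensitive, so this script checks that the default realm in krb5.conf, the realm in kadm5.acl and the realm of the admin principal given to Ambari all agree. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Realm comparisons are exact (case-sensitive).

# Print default_realm from the [libdefaults] section of krb5.conf ($1).
default_realm() {
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/[^A-Za-z0-9_]/, "", sect); next }
        sect == "libdefaults" && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Succeed if realm $2 has a "REALM = {" block in the [realms] section of $1.
realm_defined() {
    awk -v want="$2" '
        /^[ \t]*\[/ { sect = $0; gsub(/[^A-Za-z0-9_]/, "", sect); next }
        sect == "realms" && $1 == want && index($0, "{") { found = 1 }
        END { exit !found }' "$1"
}

# Print every kadm5.acl ($1) principal pattern whose realm is not exactly $2.
acl_realm_mismatches() {
    awk -v want="$2" '
        $1 == "" || $1 ~ /^#/ { next }
        { n = split($1, p, "@"); if (n != 2 || p[2] != want) print $1 }' "$1"
}

# $1 = krb5.conf, $2 = kadm5.acl, $3 = admin principal; non-zero on any finding.
check_kerberos_setup() {
    realm=$(default_realm "$1"); rc=0
    [ -n "$realm" ] || { echo "no default_realm in $1"; return 1; }
    realm_defined "$1" "$realm" || { echo "realm $realm missing from [realms]"; rc=1; }
    bad=$(acl_realm_mismatches "$2" "$realm")
    [ -z "$bad" ] || { echo "ACL entries not in realm $realm: $bad"; rc=1; }
    case "$3" in
        *@"$realm") ;;
        *) echo "principal $3 is not in realm $realm"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: misspelled realm in the ACL, wrong-case realm in the principal.
d=$(mktemp -d)
printf '%s\n' '[libdefaults]' ' default_realm = EXAMPLE.COM' '[realms]' \
    ' EXAMPLE.COM = {' '  kdc = kdc.example.com' ' }' > "$d/krb5.conf"
echo '*/admin@EAMPLE.COM *' > "$d/kadm5.acl"
check_kerberos_setup "$d/krb5.conf" "$d/kadm5.acl" 'root/admin@example.COM' || true
rm -rf "$d"
```

Run it on the KDC host against /etc/krb5.conf and /var/kerberos/krb5kdc/kadm5.acl with the principal you intend to enter in Ambari; no output and exit status 0 mean the three agree.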
Created 09-21-2017 03:16 PM
I have done the same steps and got the same error.
Created 10-03-2017 12:47 PM
My issue is resolved. I have configured the KDC server on a different machine. Thanks for the help!