Support Questions

Find answers, ask questions, and share your expertise

Status of FreeIPA support

Do we officially support using HDP with FreeIPA and do any of our customers use FreeIPA to secure large clusters?

I found a workshop for FreeIPA+Kerberos integration with Sandbox 2.1.

1 ACCEPTED SOLUTION

@Arpit Agarwal @Ali Bajwa

As per my understanding, there is no official endorsement or certification approval. We know that HDP works with Microsoft AD/LDAP, MIT KDC and FreeIPA.

Adding Balaji in the thread.

@bganesan@hortonworks.com

View solution in original post

6 REPLIES 6

@Arpit Agarwal

There is no such support guide and as far as I know there is no official support guide for FreeIPA.

We do have customers running kerborized HDP with IPA (with IPA support coming from RedHat) using the manual option of Ambari kerberos wizard. There is a JIRA logged for Ambari to officially support IPA as one of the options (as of Ambari 2.1.x the options are AD, MIT KDC and manual). The idea behind is for Ambari to help automate principal/keytab creation and distribution similar to how it does for AD/KDC. See https://issues.apache.org/jira/browse/AMBARI-6432 for more details

Thanks @Ali Bajwa. Would you know how to find out who are those customers? A large customer is experimenting with FreeIPA and wants to hear about others' experiences in the field.

I would recommend asking this on internal channels (sme-security email list or hipchat channel). We can not discuss customers on public forums.

@Arpit Agarwal @Ali Bajwa

As per my understanding, there is no official endorsement or certification approval. We know that HDP works with Microsoft AD/LDAP, MIT KDC and FreeIPA.

Adding Balaji in the thread.

@bganesan@hortonworks.com