Support Questions
Find answers, ask questions, and share your expertise

What is the lifecycle of users created with Ambari in AD - removal/(re-)creation?

Solved Go to solution

What is the lifecycle of users created with Ambari in AD - removal/(re-)creation?

Expert Contributor
 
1 ACCEPTED SOLUTION

Accepted Solutions

Re: What is the lifecycle of users created with Ambari in AD - removal/(re-)creation?

Creation: Users are created in AD upon initial kerberization, as well as adding services, or hosts to the cluster. A test principal is created during the wizard to test the kerberos client configuration and operations, as well as all of the appropriate principals for the services that are deployed in the cluster. During that process, passwords are generated and set in Active Directory. Those passwords are not permanently stored in Ambari and are only used for keytab generation.

Update: Post-wizard completion, the principal regeneration process will regenerate and set those passwords in AD.

Deletion: During removal of services, or hosts, or disabling kerberos, the appropriate principals are removed from AD.

View solution in original post

3 REPLIES 3

Re: What is the lifecycle of users created with Ambari in AD - removal/(re-)creation?

Creation: Users are created in AD upon initial kerberization, as well as adding services, or hosts to the cluster. A test principal is created during the wizard to test the kerberos client configuration and operations, as well as all of the appropriate principals for the services that are deployed in the cluster. During that process, passwords are generated and set in Active Directory. Those passwords are not permanently stored in Ambari and are only used for keytab generation.

Update: Post-wizard completion, the principal regeneration process will regenerate and set those passwords in AD.

Deletion: During removal of services, or hosts, or disabling kerberos, the appropriate principals are removed from AD.

View solution in original post

Re: What is the lifecycle of users created with Ambari in AD - removal/(re-)creation?

Expert Contributor

This is prime RunBook material!

Re: What is the lifecycle of users created with Ambari in AD - removal/(re-)creation?

I'll work on getting this and the password creation methods into the docs ASAP.