I want to setup kerberos with AD/LDAP . I have some queries , I have enabled kerberos MIT KDC . Enabling kerberos with MIT kdc requires to install kdc server , util , libs etc . if i want to enable kerberos with AD what is the procedure ? I am listing below points as per my understanding .
1. need ldap url .
2. need kdc hosts details ( kerberos server is installed )
is it imp to keep AD server and kerberos server seperate.
If I want kerberos server on different host , AD on different server how is the procedure to integrate kerberos with AD/ldap .
while enabling kerberos from ambari I always keep kdc hosts and AD on same server .
There is a good article by Kuldeep Kulkarni specifically for setting up AD Kerberos for HDP, it will walk you through the steps and then finalize with the Ambari Kerberos wizard Setup and configure Active Directory server for Kerberos I am sure there is no better reference
I have a quick question while configuring Kerberos with AD in Ambari wizard we have some prerequisites one of them is AD's SSL, is it really mandatory?
If yes can we add the certificate later once after enabling Kerberos?
Manjunath P N
AD SSL is not mandatory to implement Kerberos, that's something you could do later. To put simply, Kerberos is a protocol for establishing mutual identity trust, or authentication, for a client and a server, via a trusted third-party, whereas TLS/SSL ensures the authentication of the server alone, and only if its public key has already been established as trustworthy via another channel.
Both provide secure communication between the server and the client.