
kerberos setup with AD/LDAP


I want to set up Kerberos with AD/LDAP. I have some queries. I have enabled Kerberos with an MIT KDC. Enabling Kerberos with an MIT KDC requires installing the KDC server, util, libs, etc. If I want to enable Kerberos with AD, what is the procedure? I am listing the points below as per my understanding.

1. Need the LDAP URL.

2. Need the KDC hosts' details (Kerberos server is installed).

Is it important to keep the AD server and the Kerberos server separate?

If I want the Kerberos server on a different host and AD on a different server, what is the procedure to integrate Kerberos with AD/LDAP?

While enabling Kerberos from Ambari, I always keep the KDC hosts and AD on the same server.

Kind Regards

Anurag


Re: kerberos setup with AD/LDAP

Mentor

@Anurag Mishra

There is a good article by Kuldeep Kulkarni specifically for setting up AD Kerberos for HDP. It will walk you through the steps and then finalize with the Ambari Kerberos wizard: "Setup and configure Active Directory server for Kerberos". I am sure there is no better reference.

Other resources

Configuring Kerberos with Active Directory

HTH

Re: kerberos setup with AD/LDAP

Explorer

Hi @Geoffrey Shelton Okot

I have a quick question: while configuring Kerberos with AD in the Ambari wizard, we have some prerequisites, and one of them is AD's SSL. Is it really mandatory?

If yes, can we add the certificate later, after enabling Kerberos?

Regards,

Manjunath P N

Re: kerberos setup with AD/LDAP

Mentor

@Anurag Mishra

AD SSL is not mandatory to implement Kerberos; that's something you could do later. To put it simply, Kerberos is a protocol for establishing mutual identity trust, or authentication, for a client and a server, via a trusted third party, whereas TLS/SSL ensures the authentication of the server alone, and only if its public key has already been established as trustworthy via another channel.

Both provide secure communication between the server and the client.