@Sam Red On the KDC server which can be the same as the Ambari server or any server in the cluster install both rpm's on all # yum install -y krb5-server krb5-workstation Edit Server Configuration Files cd /var/kerberos/krb5kdc Edit these 2 files kdc.conf kadm5.acl Mine are save # cat kadm5.acl */admin@TEST.COM * # cat kdc.conf [kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] TEST.COM = { #master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal Edit the Client Configuration This file should be available on the KDC server edit it and copy it to the same path to all the other nodes # cat /etc/krb5.conf [libdefaults] renew_lifetime = 7d forwardable = true default_realm = TEST.COM ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = /tmp/krb5cc_%{uid} #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [domain_realm] test.com = TEST.COM .test.com = TEST.COM [logging] default = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log kdc = FILE:/var/log/krb5kdc.log [realms] TEST.COM = { admin_server = kdc.TEST.com kdc = kdc.test.com } } Note the FQDN Create the KDC Database # sudo kdb5_util create -s -r TEST.COM Confirm password twice Start and Enable Kerberos # systemctl start krb5kdc kadmin Create Principals # kadmin.local kadmin.local: addprinc root/admin quit # sudo systemctl start krb5kdc kadmin # sudo systemctl enable krb5kdc kadmin On the Ambari UI enable Kerberos root/admin@TEST.CH password {password_created_earlier} This should take you through the procedure. Make sure the KDC is up and running ! ... View more