@Jacqualin jasmin The answers to your questions are related to how you set up your KDC. Technically the realm name can be anything, but should at least be in all uppercase characters. Typically realm names match or are similar to domain names. For you, you might use CORP.INFINITY.COM or maybe HADOOP.INFINITY.COM if you wanted to be explicit on the usage of the principals in the realm. It could also be totally random, like MY.REALM. In any case, when filling in the forms in the Enable Kerberos Wizard you would add the following to the domains field in order to create a mapping from the domain names in your cluster to the realm name: corp.infinity.com, .corp.infinity.com The administrator credentials are relative to the accounts in the KDC. Just like any other account in any other system, the user that installs and manages the KDC will create this and have this information. Typically the administrator accounts will have a "/admin" attached to it for various reasons: to easily visually identify this as an administrator account and to easily set the ACLs in the KDC (depending on the KDC you are using). I typically use "admin/admin" as the principal name (with my realm name attached - for example admin/admin@EXAMPLE.COM. But this is all relative and it can also be any account as long as the KDC is set up to use that as an administrator account. For example jjasmin@EXAMPLE.COM. When I use the acronym "KDC", this included generic KDCs like the MIT KDC as well as the an Active Directory. Here is a script the can help install an MIT KDC - this one is for Centos6, but I have them for other Linux flavors as well - install-kdcsh.txt (rename this to install-kdc.sh). This installs an MIT KDC with the realm EXAMPLE.COM and an administrator account with: Principal: admin/admin@EXAMPLE.COM Password: hadoop If you walk through Ambari's Enable Kerberos Wizard, it will prompt you for information it needs. Once complete it will set up the krb5.conf files, create the necessary principals, and distribute the required keytab files. You just need to set up the KDC and provide the details about that - host where the KDC is installed, type of KDC, realm, and administrator credentials. ... View more

@Sami Ahmad Looking at the error: 29 Nov 2016 15:49:43,526 WARN [ambari-client-thread-1242] MITKerberosOperationHandler:459 - Failed to execute kadmin: Command: [/usr/bin/kadmin, -s, hadoop1.tolls.dot.state.fl.us, -p, K/M@TOLLS.DOT.STATE.FL.US, -r, TOLLS.DOT.STATE.FL.US, -q, get_principal K/M@TOLLS.DOT.STATE.FL.US] ExitCode: 1 STDOUT: Authenticating as principal K/M@TOLLS.DOT.STATE.FL.US with password. STDERR: kadmin: Clients credentials have been revoked while initializing kadmin interface It appears that the admin account you are using has been locked out. See http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/lockout.html for more information on this. ... View more