Launch security wizard via Ambari (under Admin > Kerberos) and enter below:
The ‘Configure Kerberos’ page is the only one you will need to update. Enter the below then click Next on all remaining screens.
KDC host: FQDN of KDC (Ambari) node
Realm name: HORTONWORKS.COM
Kadmin host: FQDN of KDC (Ambari) node
Admin principal: admin/admin
On ‘Configure Identities’ page, users will be shown the option to customize the keytabs/principals for all components:
The Nifi ones are under Advanced tab:
Click Next to proceed using the default keytab/principal names
Click Next to proceed through all remaining steps of the wizard.
What’s happening to Nifi under the covers when security wizard runs?
a) NiFi principal and keytabs will be automatically be created/distributed across the cluster where needed by Ambari
b) Kerberos-related nifi.properties fields will automatically be updated:
c) Login provider will also be switched to kerberos under the covers
d) As part of the process, other HDF components were also kerberized including ‘Ambari Infra’ service. This mean that Ranger audits are now being written to kerberized Solr
After security wizard completes, NiFi’s kerberos details will appear alongside other components (under Admin > Kerberos). At this point, Kerberos security will be enabled for all components running on the cluster:
On a node running Nifi, you can run below commands to:
...verify the keytab was generated and list its principal