Manage Kerberos

The Manage Kerberos action encapsulates enabling, reconfiguring, and disabling Kerberos for the cluster services. To run it, you need an installed ADPS cluster (see Get started with Arenadata Platform Security) and one or more KDCs (Key Distribution Centers).

NOTE
This action has the same purpose as the Manage Kerberos action in ADH.

To run the action, go to the Clusters page, find your ADPS cluster, click the actions icon in the Actions column, and select the action from the drop-down menu that appears.

Running an action

The pop-up window suggests several options to run the action:

Kerberos activation options

IMPORTANT
Running the action with one KDC type enabled will trigger Kerberos activation.

Custom kerberization settings

The Custom kerberization settings option allows the user to choose kerberization steps, for example, creation of principals and keytabs.

Custom kerberization settings
Custom kerberization settings parameters
Custom kerberization settings parameter description

| Parameter | Description | Default value |
|---|---|---|
| Set up Kerberos utils | Enables installation or removal of Kerberos clients and utils. Affects the Expand and Install actions | True |
| Configure Kerberos on hosts | Enables cluster configuration, including krb5.conf and ldap.conf | True |
| Set up principals and keytabs | Enables creation, recreation, or removal of principals and keytabs. Passwords for principals are generated randomly before keytab creation. Affects the Expand and Install actions. The ADCM bundle sets up the owner and permissions for keytabs only if this checkbox is selected in the cluster configuration. If admin permissions are not available, the customer should provide prepared keytabs with the owner and permissions set correctly (see Custom keytab recommendations) | True |
| Configure services and clients | Enables updating of services and clients configuration | True |
| Run service checks | Enables service check runs | True |

Custom keytab recommendations

Below is the table with recommendations for owners, groups, and permissions for keytabs.

Keytab recommendations

| Component short name | Keytab owner | Keytab group | Permissions |
|---|---|---|---|
| zookeeper | zookeeper | zookeeper | 600 |
| solr | solr | solr | 600 |
| rangeradmin | ranger | ranger | 600 |
| rangerkms | kms | kms | 600 |
| rangerlookup | ranger | ranger | 600 |
| rangertagsync | ranger | ranger | 600 |
| rangerusersync | ranger | ranger | 600 |
| knox | knox | knox | 600 |
| HTTP | root | hadoop | 640 |
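
An added example (not part of the ADPS documentation or the ADCM bundle): a Python check that compares prepared keytabs on a host with the owner, group, and permissions recommended in the table above. The keytab paths and the function names are assumptions, since the page does not say where keytabs are stored.

```python
import grp
import os
import pwd
import stat

# Recommended (owner, group, mode) per component short name, copied from the table above.
EXPECTED = {
    "zookeeper": ("zookeeper", "zookeeper", 0o600),
    "solr": ("solr", "solr", 0o600),
    "rangeradmin": ("ranger", "ranger", 0o600),
    "rangerkms": ("kms", "kms", 0o600),
    "rangerlookup": ("ranger", "ranger", 0o600),
    "rangertagsync": ("ranger", "ranger", 0o600),
    "rangerusersync": ("ranger", "ranger", 0o600),
    "knox": ("knox", "knox", 0o600),
    "HTTP": ("root", "hadoop", 0o640),
}

def compare(component, owner, group, mode):
    """Return the deviations of one keytab from the recommended values."""
    exp_owner, exp_group, exp_mode = EXPECTED[component]
    problems = []
    if owner != exp_owner:
        problems.append(f"owner {owner}, expected {exp_owner}")
    if group != exp_group:
        problems.append(f"group {group}, expected {exp_group}")
    if mode != exp_mode:
        problems.append(f"mode {mode:o}, expected {exp_mode:o}")
    return problems

def audit_keytab(component, path):
    """Stat a keytab on this host and compare it with the table."""
    st = os.lstat(path)  # lstat: a symlink must not stand in for the keytab
    if not stat.S_ISREG(st.st_mode):
        return [f"{path} is not a regular file"]
    try:  # IDs without a passwd/group entry are reported numerically
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return compare(component, owner, group, stat.S_IMODE(st.st_mode))

def audit_all(keytabs):
    """keytabs maps a path (assumed, site-specific) to a component short name."""
    results = {path: audit_keytab(comp, path) for path, comp in keytabs.items()}
    return {path: probs for path, probs in results.items() if probs}
```

`audit_all` returns an empty dict when every keytab matches the table; the comparison is exact, so a mode stricter than the recommended one is also reported.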
