You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Sumit Gupta (JIRA)" <ji...@apache.org> on 2014/10/15 22:40:33 UTC

[jira] [Created] (AMBARI-7799) Add Knox kerberos setup to the existing Ambari security capabilities

Sumit Gupta created AMBARI-7799:
-----------------------------------

             Summary: Add Knox kerberos setup to the existing Ambari security capabilities
                 Key: AMBARI-7799
                 URL: https://issues.apache.org/jira/browse/AMBARI-7799
             Project: Ambari
          Issue Type: Task
          Components: stacks
    Affects Versions: 1.7.0
            Reporter: Sumit Gupta


Documentation for setting up Knox to use kerberos can be found here:

http://knox.apache.org/books/knox-0-5-0/knox-0-5-0.html#Secure+Clusters

To summarize some of the things that need to be done besides the keytab creation:

1. the krb5 conf files need to be created and templated to work with the cluster setup.
2. gateway-site.xml needs to be modified to enable security and point to the krb5 conf files
3. Other services that Knox is configured to work with may also need some configuration changes. Specifically, core-site.xml, webhcat-site.xml and oozie-site.xml all need to be modified to setup Knox as a trusted proxy




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)