[jira] [Commented] (AMBARI-7204) Ambari Automated Kerberization

Wed, 24 Sep 2014 14:07:59 -0700 

    [ 
https://issues.apache.org/jira/browse/AMBARI-7204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14146886#comment-14146886
 ] 

Robert Levas commented on AMBARI-7204:
--------------------------------------

[~eronwright], I am in the process of updating the technical document.  In it, 
I have an updated description of the API and will add a section on configuring 
the KDCs (single KDC, multiple cross-realm trusts, etc...).   

I know that JCE is needed the larger bit encryption algorithms like AES-256, 
however I am not aware of any JCE configuration requirements.  Can you 
elaborate?  In any case, I believe that the initial take on this feature will 
require JCE to be installed manually if needed. 



> Ambari Automated Kerberization
> ------------------------------
>
>                 Key: AMBARI-7204
>                 URL: https://issues.apache.org/jira/browse/AMBARI-7204
>             Project: Ambari
>          Issue Type: Epic
>          Components: ambari-server, security, stacks
>    Affects Versions: 2.0.0
>         Environment: Kerberos
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: active-directory, authentication, kerberos, 
> mit-kerberos, security, stack
>             Fix For: 2.0.0
>
>         Attachments: AmbariClusterKerberization.pdf
>
>   Original Estimate: 2,016h
>  Remaining Estimate: 2,016h
>
> *Problem*
> Manually installing and setting up Kerberos for a secure Hadoop cluster is 
> error prone, largely manual and a potential source of configuration problems. 
> It requires many steps where configuration files and credentials may need to 
> be distributed across many nodes.  Because of this the process is time 
> consuming and lead to a high probability of user error.
> The problem is exacerbated when the cluster is modified by adding or removing 
> nodes and services.
> *Solution*
> Use Ambari to secure the cluster using Kerberos.  By automating the process 
> of setting up Kerberos, the repetitive tasks of distributing configuration 
> details and credentials can be done in parallel to the nodes within the 
> cluster.  This also negates most user-related errors due to the lack of 
> interaction a user has with the process.  
> See [^AmbariClusterKerberization.pdf] for more details.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to