On Thu, 23 Apr 2015, Shaik M wrote:
Hi,

We have recently deployed FreeIPA for our Hadoop environment.

Recently, Ambari community released 2.0, where this version supports MIT
kerberos. Which means Ambri create the all service principals using with
"kadmin.local".

As I know, "kadmin.local" wont work for FreeIPA kerberos to create the
principals. :(

Please let me know, is there any alternative ways to create the principals
using with "kadmin.local",.

It will great helpful for us if can do with "kadmin.local", or-else we have
to move back to MIT Kerberos.
No, at this time it is not possible to use. I've looked at the Ambari
code and it shouldn't be hard to implement FreeIPA-specific
KerberosOperationHandler that does proper thing by calling out IPA
tools.

Part of problem with MITKerberosOperationHandler.java is that you have
no way to pass any arguments and options to kadmin/kadmin.local at all,
so even to make it working will go with patching that code. At this
point it is easier to rewrite it to use 'ipa' and ipa-getkeytab
utilities altogether because the code is trivial.

https://github.com/apache/ambari/blob/ed231beaddaf6347d4defb2fb26d75849c0cafc9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to