On Thu, 23 Apr 2015, Shaik M wrote:
We have recently deployed FreeIPA for our Hadoop environment.
Recently, Ambari community released 2.0, where this version supports MIT
kerberos. Which means Ambri create the all service principals using with
As I know, "kadmin.local" wont work for FreeIPA kerberos to create the
Please let me know, is there any alternative ways to create the principals
using with "kadmin.local",.
It will great helpful for us if can do with "kadmin.local", or-else we have
to move back to MIT Kerberos.
No, at this time it is not possible to use. I've looked at the Ambari
code and it shouldn't be hard to implement FreeIPA-specific
KerberosOperationHandler that does proper thing by calling out IPA
Part of problem with MITKerberosOperationHandler.java is that you have
no way to pass any arguments and options to kadmin/kadmin.local at all,
so even to make it working will go with patching that code. At this
point it is easier to rewrite it to use 'ipa' and ipa-getkeytab
utilities altogether because the code is trivial.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project