Hi Alex,

Thank you for your prompt reply.

Amabri community going to release new version 2.1, where they are providing
user specific Kerberos like 1.7.

For now i'll go ahead with MIT Kerberos.

Regards,
Shaik

On 23 April 2015 at 13:51, Alexander Bokovoy <aboko...@redhat.com> wrote:

> On Thu, 23 Apr 2015, Shaik M wrote:
>
>> Hi,
>>
>> We have recently deployed FreeIPA for our Hadoop environment.
>>
>> Recently, Ambari community released 2.0, where this version supports MIT
>> kerberos. Which means Ambri create the all service principals using with
>> "kadmin.local".
>>
>> As I know, "kadmin.local" wont work for FreeIPA kerberos to create the
>> principals. :(
>>
>> Please let me know, is there any alternative ways to create the principals
>> using with "kadmin.local",.
>>
>> It will great helpful for us if can do with "kadmin.local", or-else we
>> have
>> to move back to MIT Kerberos.
>>
> No, at this time it is not possible to use. I've looked at the Ambari
> code and it shouldn't be hard to implement FreeIPA-specific
> KerberosOperationHandler that does proper thing by calling out IPA
> tools.
>
> Part of problem with MITKerberosOperationHandler.java is that you have
> no way to pass any arguments and options to kadmin/kadmin.local at all,
> so even to make it working will go with patching that code. At this
> point it is easier to rewrite it to use 'ipa' and ipa-getkeytab
> utilities altogether because the code is trivial.
>
>
> https://github.com/apache/ambari/blob/ed231beaddaf6347d4defb2fb26d75849c0cafc9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java
> --
> / Alexander Bokovoy
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to