Shaik... I find it interesting that special options need to be passed to kadmin to create principals. Was the response you received from a mailing list or a forum site?
I am not sure about the GA release date for 2.1. According to https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=30755705, the release data is TBD. Rob From: Shaik M <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, April 23, 2015 at 2:27 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: FreeIPA Support for Ambari 2.0 Hi Rob, Thank you for your prompt response. Here I got response from FreeIPA community =================================== No, at this time it is not possible to use. I've looked at the Ambari code and it shouldn't be hard to implement FreeIPA-specific KerberosOperationHandler that does proper thing by calling out IPA tools. Part of problem with MITKerberosOperationHandler.java is that you have no way to pass any arguments and options to kadmin/kadmin.local at all, so even to make it working will go with patching that code. At this point it is easier to rewrite it to use 'ipa' and ipa-getkeytab utilities altogether because the code is trivial. https://github.com/apache/ambari/blob/ed231beaddaf6347d4defb2fb26d75849c0cafc9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.java For now I'll go ahead with plain Kerberos setup for 2.0. Please let us know, when 2.1 will be GA release ? Regards, Shaik [https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif] On 22 April 2015 at 21:49, Robert Levas <[email protected]<mailto:[email protected]>> wrote: Hi Shaik... I am not familiar with FreeIPA. Looking at the docs, however, it appears that the underlying KDC and supporting tools are from the MIT packages. This leads me to think that it may work as long as you know how to tell Ambari where the KDC and admin host and ports are. If you try it and cannot get Ambari to work with FreeIPA, you should have better luck with Ambari 2.1. In Ambari 2.1, we are adding a feature to allow Kerberos to be enabled more like it was with Ambari 1.7. So you will be able to install your own Kerberos packages and create your own principals and keytabs. If I get a chance, I will try to install FreeIPA and see how well it is supported. I am not sure when I will get to this, maybe towards the end of next week. Rob From: Shaik M <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Wednesday, April 22, 2015 at 7:11 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: FreeIPA Support for Ambari 2.0 Ambari Team - Kindly provide your suggestions.... On 22 April 2015 at 13:50, Shaik M <[email protected]<mailto:[email protected]>> wrote: Hi, I am using FreeIPA for Secure cluster with Ambari 1.7. Please let me know the FreeIPA support for Ambari 2.0. Regards, Shaik On 21 April 2015 at 22:14, Shaik M <[email protected]<mailto:[email protected]>> wrote: Hi Team, Amabri 2.0 will support FreeIPA? we are planning to upgrade Amabri 1.7 to 2.0, please let know the 2.0 comparability for FreeIPA. Thank You, Shaik M
