Enabling kerberos on Azure hdinsight cluster

Question

I have deployed standard(without ESP) Azure HDInsight cluster version 3.6. I need to enable Kerberos authentication for this hdinsight cluster. But I could not see Kerberos option in Ambari Admin. My question is 1. In order to enable kerberos, the hdinsight cluster must be created with enterprise security package enabled? 2. Is it possible to enable esp after creating hdinsight cluster?

Appreciate your help.

Thanks

Hi @Vijayabhaskar, If my answer is helpful for you, you can accept it as answer( click on the check mark beside the answer to toggle it from greyed out to filled in.). This can be beneficial to other community members. Thank you. — CHEEKATLAPRADEEP-MSFT

CHEEKATLAPRADEEP-MSFT CHEEKATLAPRADEEP-MSFT · Accepted Answer · 2019-10-29T08:50:21

In order to enable kerberos, the hdinsight cluster must be created with enterprise security package enabled?

Yes, in order to enable kerberos you need to create HDInsight cluster with ESP enabled.

Is it possible to enable esp after creating hdinsight cluster?

No, it is not possible to enable ESP after creating HDInsight cluster.

Note: HDInsight cluster nodes with Enterprise Security Package (ESP) are joined to a domain that's managed by Azure AD DS. Kerberos security is configured for the Hadoop components on the cluster.

Make sure you have configured a HDInsight cluster with Enterprise Security Package by using Azure Active Directory Domain Services.

While creating a cluster => Select Custom create and Enable Enterprise Security Package.

For more details refer “Configured a HDInsight cluster with Enterprise Security Package by using Azure Active Directory Domain Services”.

Hope this helps.

Enabling kerberos on Azure hdinsight cluster

2 Answers