- In order to enable kerberos, the hdinsight cluster must be created with enterprise security package enabled?
Yes, in order to enable kerberos you need to create HDInsight cluster with ESP enabled.
- Is it possible to enable esp after creating hdinsight cluster?
No, it is not possible to enable ESP after creating HDInsight cluster.
Note: HDInsight cluster nodes with Enterprise Security Package (ESP) are joined to a domain that's managed by Azure AD DS. Kerberos security is configured for the Hadoop components on the cluster.
Make sure you have configured a HDInsight cluster with Enterprise Security Package by using Azure Active Directory Domain Services.
While creating a cluster => Select Custom create and Enable Enterprise Security Package.
For more details refer “Configured a HDInsight cluster with Enterprise Security Package by using Azure Active Directory Domain Services”.
Hope this helps.