Sets up kerberos client and openldap client for providers in and out of cluster. When using external krb5 provider (like AD or external MIT). User is expected to provide accurate krb5-* configs in their definition.
AD example:
krb5_realm: MYREALM.COM
krb5_kdc_admin_user: "admin-user@{{ krb5_realm }}"
krb5_kdc_admin_password:
krb5_kdc_host:
krb5_kdc_type: Active Directory
krb5_kdc_active_directory_prefix: "pvc-"
krb5_kdc_active_directory_suffix: "OU=some-ou,DC=company,DC=com"
krb5_enc_types: aes256-cts rc4-hmac
krb5_kdc_active_directory_set_encryption_types: true
MIT Example:
krb5_realm: MYREALM.COM
krb5_kdc_admin_user: "cloudera-scm/admin@{{ krb5_realm }}"
krb5_kdc_admin_password: "mypass"
krb5_kdc_type: MIT KDC
krb5_enc_types: "aes256-cts aes128-cts"
Signed-off-by: Chuck Levesque <clevesque@cloudera.com>
Sets up kerberos client and openldap client for providers in and out of cluster. When using external krb5 provider (like AD or external MIT). User is expected to provide accurate krb5-* configs in their definition. AD example: krb5_realm: MYREALM.COM krb5_kdc_admin_user: "admin-user@{{ krb5_realm }}" krb5_kdc_admin_password: krb5_kdc_host: krb5_kdc_type: Active Directory krb5_kdc_active_directory_prefix: "pvc-" krb5_kdc_active_directory_suffix: "OU=some-ou,DC=company,DC=com" krb5_enc_types: aes256-cts rc4-hmac krb5_kdc_active_directory_set_encryption_types: true