Kerberos authentication with Active Directory (AD) supportEdit online OverviewKerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.PrerequisitesInstall and Configure Active DirectoryA Domain Controller (DC) allows the creation of logical containers. These containers consist of users, computers and groups. The Domain Controllers also help in organizing and managing the Servers.Enable Kerberos on existing Active DirectoryThis section lists the steps to enable Kerberos on existing Active Directory.Configuring AD in AmbariThis section describes how to configure Kerberos with existing AD through the Ambari GUI.Create a one-way trust from an MIT KDC to Active DirectoryInstead of using the KDC of Active Directory server to manage service principals, use a local MIT KDC in the Hadoop cluster to manage the service principals while using a one-way trust to allow AD users to utilize the Hadoop environment.Configure Transparency with Active DirectoryThis section describes how to configure HDFS Transparency (without HDP) with Active Directory. Configure SSSD for TransparencyThe System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms.Parent topic: Kerberos