ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/kerberos.json - ambari - Git at Google

 {
   "services": [
     {
       "name": "RANGER_KMS",
       "identities": [
         {
           "name": "/spnego",
           "keytab": {
             "configuration": "kms-site/hadoop.kms.authentication.kerberos.keytab"
           }
         },
         {
           "name": "/smokeuser"
         }
       ],
       "auth_to_local_properties" : [
         "kms-site/hadoop.kms.authentication.kerberos.name.rules"
       ],
       "configurations": [
         {
           "kms-site": {
             "hadoop.kms.authentication.type": "kerberos",
             "hadoop.kms.authentication.kerberos.principal": "*"
           }
         },
         {
           "ranger-kms-audit": {
             "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
             "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
             "xasecure.audit.jaas.Client.option.useKeyTab": "true",
             "xasecure.audit.jaas.Client.option.storeKey": "false",
             "xasecure.audit.jaas.Client.option.serviceName": "solr",
             "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
           }
         }
       ],
       "components": [
         {
           "name": "RANGER_KMS_SERVER",
           "identities": [
             {
               "name": "/spnego",
               "principal": {
                 "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal"
               },
               "keytab": {
                 "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab"
               }
             },
             {
               "name": "/smokeuser"
             },
             {
               "name": "rangerkms",
               "principal": {
                 "value": "rangerkms/_HOST@${realm}",
                 "type" : "service",
                 "configuration": "dbks-site/ranger.ks.kerberos.principal",
                 "local_username" : "keyadmin"
               },
               "keytab": {
                 "file": "${keytab_dir}/rangerkms.service.keytab",
                 "owner": {
                   "name": "${kms-env/kms_user}",
                   "access": "r"
                 },
                 "configuration": "dbks-site/ranger.ks.kerberos.keytab"
               }
             },
             {
               "name": "/RANGER_KMS/RANGER_KMS_SERVER/rangerkms",
               "principal": {
                 "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.principal"
               },
               "keytab": {
                 "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.keyTab"
               }
             }
           ]
         }
       ]
     }
   ]
 }
	{
	"services": [
	{
	"name": "RANGER_KMS",
	"identities": [
	{
	"name": "/spnego",
	"keytab": {
	"configuration": "kms-site/hadoop.kms.authentication.kerberos.keytab"
	}
	},
	{
	"name": "/smokeuser"
	}
	],
	"auth_to_local_properties" : [
	"kms-site/hadoop.kms.authentication.kerberos.name.rules"
	],
	"configurations": [
	{
	"kms-site": {
	"hadoop.kms.authentication.type": "kerberos",
	"hadoop.kms.authentication.kerberos.principal": "*"
	}
	},
	{
	"ranger-kms-audit": {
	"xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
	"xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
	"xasecure.audit.jaas.Client.option.useKeyTab": "true",
	"xasecure.audit.jaas.Client.option.storeKey": "false",
	"xasecure.audit.jaas.Client.option.serviceName": "solr",
	"xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
	}
	}
	],
	"components": [
	{
	"name": "RANGER_KMS_SERVER",
	"identities": [
	{
	"name": "/spnego",
	"principal": {
	"configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal"
	},
	"keytab": {
	"configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab"
	}
	},
	{
	"name": "/smokeuser"
	},
	{
	"name": "rangerkms",
	"principal": {
	"value": "rangerkms/_HOST@${realm}",
	"type" : "service",
	"configuration": "dbks-site/ranger.ks.kerberos.principal",
	"local_username" : "keyadmin"
	},
	"keytab": {
	"file": "${keytab_dir}/rangerkms.service.keytab",
	"owner": {
	"name": "${kms-env/kms_user}",
	"access": "r"
	},
	"configuration": "dbks-site/ranger.ks.kerberos.keytab"
	}
	},
	{
	"name": "/RANGER_KMS/RANGER_KMS_SERVER/rangerkms",
	"principal": {
	"configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.principal"
	},
	"keytab": {
	"configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.keyTab"
	}
	}
	]
	}
	]
	}
	]
	}