Security Wizard: UI tweaks. (jaimin)

ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/hdfs/decommission.pp

@@ -26,7 +26,7 @@ class hdp-hadoop::hdfs::decommission(
   }
 
   $kinit_path = $hdp::params::kinit_path_local
-  $keytab_path = "${hdp::params::keytab_path}/hdfs.headless.keytab"
+  $keytab_path = $hdp::params::hdfs_user_keytab
   $hdfs_user = $hdp::params::hdfs_user
   $kinit_cmd = "su - ${hdfs_user} -c '${kinit_path} -kt ${keytab_path} ${hdfs_user}'"
 

ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp

@@ -378,10 +378,10 @@ define hdp-hadoop::exec-hadoop(
 
   if (($security_enabled == true) and ($kinit_override == false)) {
     if ($run_user in [$hdfs_user,'root']) {
-      $keytab = "${hdp::params::keytab_path}/hdfs.headless.keytab"
+      $keytab = $hdp::params::hdfs_user_keytab
       $principal = $hdfs_user
     } elsif ($run_user in [$hbase_user]) {
-      $keytab = "${hdp::params::keytab_path}/hbase.headless.keytab"
+      $keytab = $hdp::params::hbase_user_keytab
       $principal = $hbase_user
     } else {
       $keytab = $hdp::params::smokeuser_keytab

ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp

@@ -26,7 +26,7 @@ class hdp-hbase::hbase::service_check() inherits hdp-hbase::params
   $conf_dir = $hdp::params::hbase_conf_dir
   $smoke_user_keytab = $hdp::params::smokeuser_keytab
   $hbase_user = $hdp-hbase::params::hbase_user
-  $hbase_keytab = "${hdp-hbase::params::keytab_path}/hbase.headless.keytab"
+  $hbase_keytab = $hdp::params::hbase_user_keytab
   $test_cmd = "fs -test -e ${output_file}"
   $serviceCheckData = hdp_unique_id_and_date()
   $kinit_cmd = "${hdp::params::kinit_path_local} -kt ${smoke_user_keytab} ${smoke_test_user};"

ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp

@@ -88,16 +88,19 @@ class hdp-hbase::params() inherits hdp::params
   $hbase_master_jaas_config_file = hdp_default("hbase_master_jaas_config_file", "${conf_dir}/hbase_master_jaas.conf")
   $hbase_regionserver_jaas_config_file = hdp_default("hbase_regionserver_jaas_config_file", "${conf_dir}/hbase_regionserver_jaas.conf")
 
-  $hbase_keytab_path = hdp_default("hbase-site/hbase.master.keytab.file", "${keytab_path}/hbase.service.keytab")
+  $hbase_master_keytab_path = hdp_default("hbase-site/hbase.master.keytab.file", "${keytab_path}/hbase.service.keytab")
+  $hbase_regionserver_keytab_path = hdp_default("hbase-site/hbase.regionserver.keytab.file", "${keytab_path}/hbase.service.keytab")
   $hbase_master_principal = hdp_default("hbase-site/hbase.master.kerberos.principal", "hbase/_HOST@${kerberos_domain}")
   $hbase_regionserver_principal = hdp_default("hbase-site/hbase.regionserver.kerberos.principal", "hbase/_HOST@${kerberos_domain}")
 
   $hbase_primary_name = hdp_default("hbase_primary_name", "hbase")
   $hostname = $hdp::params::hostname
   if ($use_hostname_in_principal) {
-    $hbase_jaas_princ = "${hbase_primary_name}/${hostname}@${kerberos_domain}"
+    $hbase_master_jaas_princ = "${hbase_master_primary_name}/${hostname}@${kerberos_domain}"
+    $hbase_regionserver_jaas_princ = "${hbase_regionserver_primary_name}/${hostname}@${kerberos_domain}"
   } else {
-    $hbase_jaas_princ = "${hbase_primary_name}@${kerberos_domain}"
+    $hbase_master_jaas_princ = "${hbase_master_principal_name}@${kerberos_domain}"
+    $hbase_regionserver_jaas_princ = "${hbase_regionserver_primary_name}@${kerberos_domain}"
   }
 
   $smokeuser_permissions = hdp_default("smokeuser_permissions", "RWXCA")

ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb

@@ -3,6 +3,6 @@ com.sun.security.auth.module.Krb5LoginModule required
 useKeyTab=true
 storeKey=true
 useTicketCache=false
-keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_keytab_path")%>"
-principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_jaas_princ")%>";
+keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_keytab_path")%>"
+principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_jaas_princ")%>";
 };

ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_regionserver_jaas.conf.erb

@@ -3,6 +3,6 @@ com.sun.security.auth.module.Krb5LoginModule required
 useKeyTab=true
 storeKey=true
 useTicketCache=false
-keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_keytab_path")%>"
-principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_jaas_princ")%>";
+keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_keytab_path")%>"
+principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_jaas_princ")%>";
 };

ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp

@@ -56,6 +56,8 @@ class hdp::params()
   $keytab_path = hdp_default("keytab_path", "/etc/security/keytabs")
   $use_hostname_in_principal = hdp_default("instance_name", true)
   $smokeuser_keytab = hdp_default("smokeuser_keytab", "/etc/security/keytabs/smokeuser.headless.keytab")
+  $hdfs_user_keytab = hdp_default("hdfs_user_keytab", "/etc/security/keytabs/hdfs.headless.keytab")
+  $hbase_user_keytab = hdp_default("hbase_user_keytab", "/etc/security/keytabs/hbase.headless.keytab")
   $nagios_keytab_path = hdp_default("nagios_keytab_path", "/etc/security/keytabs/nagios.service.keytab")
   $nagios_principal_name = hdp_default("nagios_principal_name", "nagios")
 

ambari-web/app/controllers/main/admin/security/add/step2.js

@@ -25,6 +25,7 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
   stepConfigs: [],
   installedServices: [],
   selectedService: null,
+  securityUsers: [],
 
   isSubmitDisabled: function () {
     return !this.stepConfigs.filterProperty('showConfig', true).everyProperty('errorCount', 0);
@@ -32,6 +33,7 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
 
   clearStep: function () {
     this.get('stepConfigs').clear();
+    this.get('securityUsers').clear();
   },
 
 
@@ -41,6 +43,8 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
   loadStep: function () {
     console.log("TRACE: Loading addSecurity step2: Configure Services");
     this.clearStep();
+    this.loadUsers();
+    this.addUserPrincipals(this.get('content.services'));
     this.addMasterHostToGlobals(this.get('content.services'));
     this.addSlaveHostToGlobals(this.get('content.services'));
     this.renderServiceConfigs(this.get('content.services'));
@@ -127,6 +131,47 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
     }
   },
 
+  loadUsers: function() {
+    var securityUsers = App.router.get('mainAdminSecurityController').get('serviceUsers');
+    if (!securityUsers || securityUsers.length < 1) { // Page could be refreshed in middle
+      if (App.testMode) {
+        securityUsers.pushObject({id: 'puppet var', name: 'hdfs_user', value: 'hdfs'});
+        securityUsers.pushObject({id: 'puppet var', name: 'mapred_user', value: 'mapred'});
+        securityUsers.pushObject({id: 'puppet var', name: 'hbase_user', value: 'hbase'});
+        securityUsers.pushObject({id: 'puppet var', name: 'hive_user', value: 'hive'});
+        securityUsers.pushObject({id: 'puppet var', name: 'smokeuser', value: 'ambari-qa'});
+      } else {
+        App.router.get('mainAdminSecurityController').setSecurityStatus();
+        securityUsers = App.router.get('mainAdminSecurityController').get('serviceUsers');
+      }
+    }
+    this.set('securityUsers',securityUsers);
+  },
+
+  addUserPrincipals: function(serviceConfigs) {
+    var securityUsers = this.get('securityUsers');
+    var smokeUser = securityUsers.findProperty('name', 'smokeuser');
+    var hdfsUser = securityUsers.findProperty('name', 'hdfs_user');
+    var hbaseUser = securityUsers.findProperty('name', 'hbase_user');
+    var generalService = serviceConfigs.findProperty('serviceName', 'GENERAL');
+    var smokeUserPrincipal = generalService.configs.findProperty('name', 'smokeuser_principal_name');
+    var hdfsUserPrincipal = generalService.configs.findProperty('name', 'hdfs_principal_name');
+    var hbaseUserPrincipal = generalService.configs.findProperty('name', 'hbase_principal_name');
+    var hbaseUserKeytab = generalService.configs.findProperty('name', 'hbase_user_keytab');
+    var hbaseService = serviceConfigs.findProperty('serviceName', 'HBASE');
+    if(smokeUser && smokeUserPrincipal) {
+      smokeUserPrincipal.defaultValue = smokeUser.value;
+    }
+    if(hdfsUser && hdfsUserPrincipal) {
+      hdfsUserPrincipal.defaultValue = hdfsUser.value;
+    }
+    if(hbaseService && hbaseUser && hbaseUserPrincipal) {
+      hbaseUserPrincipal.defaultValue = hbaseUser.value;
+      hbaseUserPrincipal.isVisible = true;
+      hbaseUserKeytab.isVisible = true;
+    }
+  },
+
   addSlaveHostToGlobals: function(serviceConfigs){
     var hdfsService = serviceConfigs.findProperty('serviceName', 'HDFS');
     var mapReduceService = serviceConfigs.findProperty('serviceName', 'MAPREDUCE');
@@ -139,9 +184,8 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
   addMasterHostToGlobals: function (serviceConfigs) {
     var oozieService = serviceConfigs.findProperty('serviceName', 'OOZIE');
     var hiveService = serviceConfigs.findProperty('serviceName', 'HIVE');
-    var webHcatService = App.Service.find().mapProperty('serviceName').contains('WEBHCAT');
+    var webHcatService = serviceConfigs.findProperty('serviceName', 'WEBHCAT');
     var nagiosService = serviceConfigs.findProperty('serviceName', 'NAGIOS');
-    var generalService = serviceConfigs.findProperty('serviceName', 'GENERAL');
     var hbaseService = serviceConfigs.findProperty('serviceName', 'HBASE');
     var zooKeeperService = serviceConfigs.findProperty('serviceName', 'ZOOKEEPER');
     var hdfsService = serviceConfigs.findProperty('serviceName', 'HDFS');
@@ -149,12 +193,11 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
     if (oozieService) {
       var oozieServerHost = oozieService.configs.findProperty('name', 'oozie_servername');
       var oozieServerPrincipal = oozieService.configs.findProperty('name', 'oozie_principal_name');
-      var oozieSpnegoPrincipal =  generalService.configs.findProperty('name', 'oozie_http_principal_name');
+      var oozieSpnegoPrincipal =  oozieService.configs.findProperty('name', 'oozie_http_principal_name');
       if (oozieServerHost && oozieServerPrincipal && oozieSpnegoPrincipal) {
         oozieServerHost.defaultValue = App.Service.find('OOZIE').get('hostComponents').findProperty('componentName', 'OOZIE_SERVER').get('host.hostName');
         oozieServerPrincipal.defaultValue = 'oozie/' + oozieServerHost.defaultValue;
         oozieSpnegoPrincipal.defaultValue = 'HTTP/' + oozieServerHost.defaultValue;
-        oozieSpnegoPrincipal.isVisible = true;
       }
     }
     if (hiveService) {
@@ -163,13 +206,12 @@ App.MainAdminSecurityAddStep2Controller = Em.Controller.extend({
         hiveServerHost.defaultValue = App.Service.find('HIVE').get('hostComponents').findProperty('componentName', 'HIVE_SERVER').get('host.hostName');
       }
     }
-
     if(webHcatService) {
-      var webHcatHost =  App.Service.find('WEBHCAT').get('hostComponents').findProperty('componentName', 'WEBHCAT_SERVER').get('host.hostName');
-      var webHcatSpnegoPrincipal =  generalService.configs.findProperty('name', 'webHCat_http_principal_name');
+      var webHcatHost =  webHcatService.configs.findProperty('name', 'webhcatserver_host');
+      var webHcatSpnegoPrincipal =  webHcatService.configs.findProperty('name', 'webHCat_http_principal_name');
       if(webHcatHost && webHcatSpnegoPrincipal) {
-        webHcatSpnegoPrincipal.defaultValue = 'HTTP/' + webHcatHost;
-        webHcatSpnegoPrincipal.isVisible = true;
+        webHcatHost.defaultValue =  App.Service.find('WEBHCAT').get('hostComponents').findProperty('componentName', 'WEBHCAT_SERVER').get('host.hostName');
+        webHcatSpnegoPrincipal.defaultValue = 'HTTP/' + webHcatHost.defaultValue;
       }
     }
 

ambari-web/app/controllers/main/admin/security/add/step3.js

@@ -61,6 +61,9 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
     }
     var isHbaseInstalled = App.Service.find().findProperty('serviceName', 'HBASE');
     var generalConfigs = configs.filterProperty('serviceName', 'GENERAL');
+    var hdfsConfigs = configs.filterProperty('serviceName', 'HDFS');
+    var webHcatConfigs = configs.filterProperty('serviceName', 'WEBHCAT');
+    var oozieConfigs = configs.filterProperty('serviceName', 'OOZIE');
     var realm = generalConfigs.findProperty('name', 'kerberos_domain').value;
     var smokeUserId = securityUsers.findProperty('name', 'smokeuser').value;
     var hdfsUserId = securityUsers.findProperty('name', 'hdfs_user').value;
@@ -76,10 +79,14 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
     var hdfsUser = hdfsUserId + '@' + realm;
     var hbaseUser = hbaseUserId + '@' + realm;
     var smokeUserKeytabPath = generalConfigs.findProperty('name', 'smokeuser_keytab').value;
-    var hdfsUserKeytabPath = generalConfigs.findProperty('name', 'keytab_path').value + "/hdfs.headless.keytab";
-    var hbaseUserKeytabPath = generalConfigs.findProperty('name', 'keytab_path').value + "/hbase.headless.keytab";
-    var httpPrincipal = generalConfigs.findProperty('name', 'hadoop_http_principal_name');
-    var httpKeytabPath = generalConfigs.findProperty('name', 'hadoop_http_keytab').value;
+    var hdfsUserKeytabPath = generalConfigs.findProperty('name', 'hdfs_user_keytab').value;
+    var hbaseUserKeytabPath = generalConfigs.findProperty('name', 'hbase_user_keytab').value;
+    var hadoopHttpPrincipal = hdfsConfigs.findProperty('name', 'hadoop_http_principal_name');
+    var hadoopHttpKeytabPath = hdfsConfigs.findProperty('name', 'hadoop_http_keytab').value;
+    var webHCatHttpPrincipal = webHcatConfigs.findProperty('name', 'webHCat_http_principal_name');
+    var webHCatHttpKeytabPath = webHcatConfigs.findProperty('name', 'webhcat_http_keytab').value;
+    var oozieHttpPrincipal = oozieConfigs.findProperty('name', 'oozie_http_principal_name');
+    var oozieHttpKeytabPath = oozieConfigs.findProperty('name', 'oozie_http_keytab').value;
     var componentToOwnerMap = {
       'NAMENODE': hdfsUserId,
       'SECONDARY_NAMENODE': hdfsUserId,
@@ -127,14 +134,34 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
         });
       }
       if(host.get('hostComponents').someProperty('componentName', 'NAMENODE') ||
-        host.get('hostComponents').someProperty('componentName', 'SECONDARY_NAMENODE') ||
-        host.get('hostComponents').someProperty('componentName', 'WEBHCAT_SERVER') ||
-        host.get('hostComponents').someProperty('componentName', 'OOZIE_SERVER')){
+        host.get('hostComponents').someProperty('componentName', 'SECONDARY_NAMENODE')){
         result.push({
           host: host.get('hostName'),
-          component: Em.I18n.t('admin.addSecurity.user.httpUser'),
-          principal: httpPrincipal.value.replace('_HOST', host.get('hostName')) + httpPrincipal.unit,
-          keytab: httpKeytabPath,
+          component: Em.I18n.t('admin.addSecurity.hdfs.user.httpUser'),
+          principal: hadoopHttpPrincipal.value.replace('_HOST', host.get('hostName')) + hadoopHttpPrincipal.unit,
+          keytab: hadoopHttpKeytabPath,
+          owner: 'root',
+          group: hadoopGroupId,
+          acl: '440'
+        });
+      }
+      if (host.get('hostComponents').someProperty('componentName', 'WEBHCAT_SERVER')) {
+        result.push({
+          host: host.get('hostName'),
+          component: Em.I18n.t('admin.addSecurity.webhcat.user.httpUser'),
+          principal: webHCatHttpPrincipal.value.replace('_HOST', host.get('hostName')) + webHCatHttpPrincipal.unit,
+          keytab: webHCatHttpKeytabPath,
+          owner: 'root',
+          group: hadoopGroupId,
+          acl: '440'
+        });
+      }
+      if (host.get('hostComponents').someProperty('componentName', 'OOZIE_SERVER')) {
+        result.push({
+          host: host.get('hostName'),
+          component: Em.I18n.t('admin.addSecurity.oozie.user.httpUser'),
+          principal: oozieHttpPrincipal.value.replace('_HOST', host.get('hostName')) + oozieHttpPrincipal.unit,
+          keytab: oozieHttpKeytabPath,
           owner: 'root',
           group: hadoopGroupId,
           acl: '440'

ambari-web/app/data/secure_configs.js

@@ -26,11 +26,12 @@ var configProperties = App.SecureConfigProperties.create();
 module.exports = [
   {
     serviceName: 'GENERAL',
-    displayName: 'Kerberos',
+    displayName: 'General',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'KERBEROS', displayName: 'General'})
+      App.ServiceConfigCategory.create({ name: 'KERBEROS', displayName: 'Kerberos'}),
+      App.ServiceConfigCategory.create({ name: 'AMBARI', displayName: 'Ambari'})
     ],
-    sites: ['global','webhcat-site'],
+    sites: ['global'],
     configs: configProperties.filterProperty('serviceName', 'GENERAL')
   },
   {
@@ -52,7 +53,7 @@ module.exports = [
     displayName: 'MapReduce',
     filename: 'mapred-site',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'JobTracker', displayName: 'JobTracker'}),
+      App.ServiceConfigCategory.create({ name: 'JobTracker', displayName: 'JobTracker and Job History Server'}),
       App.ServiceConfigCategory.create({ name: 'TaskTracker', displayName: 'TaskTracker'})
     ],
     sites: ['mapred-site'],
@@ -64,17 +65,28 @@ module.exports = [
     displayName: 'Hive',
     filename: 'hive-site',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'Hive Metastore', displayName: 'Hive Metastore'})
+      App.ServiceConfigCategory.create({ name: 'Hive Metastore', displayName: 'Hive Metastore and Hive Server 2'})
     ],
     sites: ['hive-site'],
     configs: configProperties.filterProperty('serviceName', 'HIVE')
   },
+  {
+    serviceName: 'WEBHCAT',
+    displayName: 'WebHCat',
+    filename: 'webhcat-site',
+    configCategories: [
+      App.ServiceConfigCategory.create({ name: 'WebHCat Server', displayName : 'WebHCat Server'})
+    ],
+    sites: ['webhcat-site'],
+    configs: configProperties.filterProperty('serviceName', 'WEBHCAT')
+  },
   {
     serviceName: 'HBASE',
     displayName: 'HBase',
     filename: 'hbase-site',
     configCategories: [
-      App.ServiceConfigCategory.create({ name: 'HBase', displayName: 'HBase'})
+      App.ServiceConfigCategory.create({ name: 'HBase Master', displayName : 'HBase Master'}),
+      App.ServiceConfigCategory.create({ name: 'RegionServer', displayName : 'RegionServer'})
     ],
     sites: ['hbase-site'],
     configs: configProperties.filterProperty('serviceName', 'HBASE')

ambari-web/app/data/secure_mapping.js

@@ -36,13 +36,13 @@ module.exports = [
 
   {
     "name": "hadoop.security.auth_to_local",
-    "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_primary_name", "hbase_user"],
+    "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_master_primary_name", "hbase_user","hbase_regionserver_primary_name"],
     "foreignKey": null,
-    "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nDEFAULT",
+    "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nRULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nDEFAULT",
     "filename": "core-site.xml",
     "serviceName": "HDFS",
     "dependedServiceName": "HBASE",
-    "replace": "\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/"
+    "replace": "\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nRULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/"
   },
   {
     "name": "dfs.namenode.kerberos.principal",
@@ -62,14 +62,14 @@ module.exports = [
   },
   {
     "name": "dfs.secondary.namenode.kerberos.principal",
-    "templateName": ["namenode_principal_name", "kerberos_domain"],
+    "templateName": ["snamenode_principal_name", "kerberos_domain"],
     "foreignKey": null,
     "value": "<templateName[0]>@<templateName[1]>",
     "filename": "hdfs-site.xml"
   },
   {
     "name": "dfs.secondary.namenode.keytab.file",
-    "templateName": ["namenode_keytab"],
+    "templateName": ["snamenode_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "hdfs-site.xml",
@@ -197,7 +197,7 @@ module.exports = [
   },
   {
     "name": "hbase.master.kerberos.principal",
-    "templateName": ["hbase_principal_name", "kerberos_domain"],
+    "templateName": ["hbase_master_principal_name", "kerberos_domain"],
     "foreignKey": null,
     "value": "<templateName[0]>@<templateName[1]>",
     "filename": "hbase-site.xml",
@@ -205,7 +205,7 @@ module.exports = [
   },
   {
     "name": "hbase.master.keytab.file",
-    "templateName": ["hbase_service_keytab"],
+    "templateName": ["hbase_master_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "hbase-site.xml",
@@ -213,7 +213,7 @@ module.exports = [
   },
   {
     "name": "hbase.regionserver.kerberos.principal",
-    "templateName": ["hbase_principal_name", "kerberos_domain"],
+    "templateName": ["hbase_regionserver_principal_name", "kerberos_domain"],
     "foreignKey": null,
     "value": "<templateName[0]>@<templateName[1]>",
     "filename": "hbase-site.xml",
@@ -221,7 +221,7 @@ module.exports = [
   },
   {
     "name": "hbase.regionserver.keytab.file",
-    "templateName": ["hbase_service_keytab"],
+    "templateName": ["hbase_regionserver_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "hbase-site.xml",
@@ -253,7 +253,7 @@ module.exports = [
   },
   {
     "name": "hive.metastore.kerberos.keytab.file",
-    "templateName": ["hive_metastore__keytab"],
+    "templateName": ["hive_metastore_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "hive-site.xml",
@@ -269,7 +269,7 @@ module.exports = [
   },
   {
     "name": "hive.server2.authentication.kerberos.keytab",
-    "templateName": ["hive_metastore__keytab"],
+    "templateName": ["hive_metastore_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "hive-site.xml",
@@ -333,7 +333,7 @@ module.exports = [
   },
   {
     "name": "oozie.authentication.kerberos.keytab",
-    "templateName": ["hadoop_http_keytab"],
+    "templateName": ["oozie_http_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "oozie-site.xml",
@@ -341,13 +341,13 @@ module.exports = [
   },
   {
     "name": "oozie.authentication.kerberos.name.rules",
-    "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_primary_name", "hbase_user"],
+    "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_master_primary_name", "hbase_user","hbase_regionserver_primary_name"],
     "foreignKey": null,
-    "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nDEFAULT",
+    "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/\nRULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nRULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nDEFAULT",
     "filename": "oozie-site.xml",
     "serviceName": "OOZIE",
     "dependedServiceName": "HBASE",
-    "replace": "\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/"
+    "replace": "\nRULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/\nRULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/"
   },
   {
     "name": "templeton.kerberos.principal",
@@ -359,7 +359,7 @@ module.exports = [
   },
   {
     "name": "templeton.kerberos.keytab",
-    "templateName": ["hadoop_http_keytab"],
+    "templateName": ["webhcat_http_keytab"],
     "foreignKey": null,
     "value": "<templateName[0]>",
     "filename": "webhcat-site.xml",

ambari-web/app/data/secure_properties.js

@@ -53,7 +53,7 @@ module.exports =
       "isVisible": false,
       "isOverridable": false,
       "serviceName": "GENERAL",
-      "category": "KERBEROS"
+      "category": "AMBARI"
     },
     {
       "id": "puppet var",
@@ -71,7 +71,7 @@ module.exports =
     {
       "id": "puppet var",
       "name": "kinit_path_local",
-      "displayName": "kinit path",
+      "displayName": "Kinit path",
       "value": "",
       "defaultValue": "/usr/bin/kinit",
       "description": "Path to installed kinit command",
@@ -83,68 +83,84 @@ module.exports =
     },
     {
       "id": "puppet var",
-      "name": "hadoop_http_principal_name",
-      "displayName": "DFS Web Principal name",
+      "name": "smokeuser_principal_name",
+      "displayName": "Smoke test user Principal",
       "value": "",
-      "defaultValue": "HTTP/_HOST",
-      "description": "Principal name for spnego access for NameNode and SNameNode. _HOST will get automatically replaced with actual hostname at instance of NameNode and SNameNode",
-      "displayType": "advanced",
+      "defaultValue": "ambari-qa",
+      "description": "This is the principal name for Smoke test user",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
+      "isReconfigurable": false,
       "serviceName": "GENERAL",
-      "category": "KERBEROS"
+      "category": "AMBARI"
     },
     {
       "id": "puppet var",
-      "name": "oozie_http_principal_name",
-      "displayName": "Oozie Web Principal name",
+      "name": "smokeuser_keytab",
+      "displayName": "Path to smoke test user keytab file",
       "value": "",
-      "defaultValue": "HTTP/_HOST",
-      "description": "Principal name for spnego access for Oozie",
-      "displayType": "advanced",
-      "isVisible": false,
+      "defaultValue": "/etc/security/keytabs/smokeuser.headless.keytab",
+      "description": "Path to keytab file for smoke test user",
+      "displayType": "directory",
+      "isVisible": true,
       "isOverridable": false,
       "serviceName": "GENERAL",
-      "category": "KERBEROS"
+      "category": "AMBARI"
     },
     {
       "id": "puppet var",
-      "name": "webHCat_http_principal_name",
-      "displayName": "WebHCat Principal name",
+      "name": "hdfs_principal_name",
+      "displayName": "HDFS User Principal",
       "value": "",
-      "defaultValue": "HTTP/_HOST",
-      "description": "Principal name for spnego access for WebHCat",
-      "displayType": "advanced",
-      "isVisible": false,
+      "defaultValue": "hdfs",
+      "description": "This is the principal name for HDFS user",
+      "displayType": "principal",
+      "isVisible": true,
       "isOverridable": false,
+      "isReconfigurable": false,
       "serviceName": "GENERAL",
-      "category": "KERBEROS"
+      "category": "AMBARI"
     },
     {
       "id": "puppet var",
-      "name": "hadoop_http_keytab",
-      "displayName": "Path to spnego keytab file",
+      "name": "hdfs_user_keytab",
+      "displayName": "Path to HDFS user keytab file",
       "value": "",
-      "defaultValue": "/etc/security/keytabs/spnego.service.keytab",
-      "description": "Path to spnego keytab file for NameNode, SNameNode, Oozie and WebHCat",
+      "defaultValue": "/etc/security/keytabs/hdfs.headless.keytab",
+      "description": "Path to keytab file for HDFS user",
       "displayType": "directory",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "GENERAL",
-      "category": "KERBEROS"
+      "category": "AMBARI"
     },
     {
       "id": "puppet var",
-      "name": "smokeuser_keytab",
-      "displayName": "Path to smoke test user keytab file",
+      "name": "hbase_principal_name",
+      "displayName": "HBase User Principal",
       "value": "",
-      "defaultValue": "/etc/security/keytabs/smokeuser.headless.keytab",
-      "description": "Path to keytab file for smoke test user",
+      "defaultValue": "hbase",
+      "description": "This is the principal name for HBase user",
+      "displayType": "principal",
+      "isVisible": false,
+      "isOverridable": false,
+      "isReconfigurable": false,
+      "serviceName": "GENERAL",
+      "category": "AMBARI"
+    },
+    {
+      "id": "puppet var",
+      "name": "hbase_user_keytab",
+      "displayName": "Path to HBase user keytab file",
+      "value": "",
+      "defaultValue": "/etc/security/keytabs/hbase.headless.keytab",
+      "description": "Path to keytab file for Hbase user",
       "displayType": "directory",
-      "isVisible": true,
+      "isVisible": false,
       "isOverridable": false,
       "serviceName": "GENERAL",
-      "category": "KERBEROS"
+      "category": "AMBARI"
     },
 
     //HDFS
@@ -167,13 +183,13 @@ module.exports =
       "displayName": "Principal name",
       "value": "",
       "defaultValue": "nn/_HOST",
-      "description": "Principal name for NameNode and SNameNode. _HOST will get automatically replaced with actual hostname at instance of NameNode and SNameNode",
-      "displayType": "advanced",
+      "description": "Principal name for NameNode. _HOST will get automatically replaced with actual hostname at an instance of NameNode",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "HDFS",
       "category": "NameNode",
-      "components": ["NAMENODE", "SECONDARY_NAMENODE"]
+      "components": ["NAMENODE"]
     },
     {
       "id": "puppet var",
@@ -181,13 +197,13 @@ module.exports =
       "displayName": "Path to Keytab File",
       "value": "",
       "defaultValue": "/etc/security/keytabs/nn.service.keytab",
-      "description": "Path to NameNode and SNameNode keytab file",
+      "description": "Path to NameNode keytab file",
       "displayType": "directory",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "HDFS",
       "category": "NameNode",
-      "components": ["NAMENODE", "SECONDARY_NAMENODE"]
+      "components": ["NAMENODE"]
     },
     {
       "id": "puppet var",
@@ -202,6 +218,34 @@ module.exports =
       "serviceName": "HDFS",
       "category": "SNameNode"
     },
+    {
+      "id": "puppet var",
+      "name": "snamenode_principal_name",
+      "displayName": "Principal name",
+      "value": "",
+      "defaultValue": "nn/_HOST",
+      "description": "Principal name for SNameNode. _HOST will get automatically replaced with actual hostname at an instance of SNameNode",
+      "displayType": "principal",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "HDFS",
+      "category": "SNameNode",
+      "components": ["SECONDARY_NAMENODE"]
+    },
+    {
+      "id": "puppet var",
+      "name": "snamenode_keytab",
+      "displayName": "Path to Keytab File",
+      "value": "",
+      "defaultValue": "/etc/security/keytabs/nn.service.keytab",
+      "description": "Path to SNameNode keytab file",
+      "displayType": "directory",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "HDFS",
+      "category": "SNameNode",
+      "components": ["SECONDARY_NAMENODE"]
+    },
     {
       "id": "puppet var",
       "name": "datanode_hosts", //not in the schema. For UI purpose
@@ -248,7 +292,7 @@ module.exports =
       "value": "",
       "defaultValue": "dn/_HOST",
       "description": "Principal name for DataNode. _HOST will get automatically replaced with actual hostname at every instance of DataNode",
-      "displayType": "advanced",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "HDFS",
@@ -269,6 +313,32 @@ module.exports =
       "category": "DataNode",
       "component": "DATANODE"
     },
+    {
+      "id": "puppet var",
+      "name": "hadoop_http_principal_name",
+      "displayName": "DFS Web Principal name",
+      "value": "",
+      "defaultValue": "HTTP/_HOST",
+      "description": "Principal name for spnego access for NameNode and SNameNode. _HOST will get automatically replaced with actual hostname at instance of NameNode and SNameNode",
+      "displayType": "principal",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "HDFS",
+      "category": "General"
+    },
+    {
+      "id": "puppet var",
+      "name": "hadoop_http_keytab",
+      "displayName": "Path to spnego keytab file",
+      "value": "",
+      "defaultValue": "/etc/security/keytabs/spnego.service.keytab",
+      "description": "Path to spnego keytab file for NameNode and SNameNode",
+      "displayType": "directory",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "HDFS",
+      "category": "General"
+    },
     //MAPREDUCE
     {
       "id": "puppet var",
@@ -289,8 +359,8 @@ module.exports =
       "displayName": "Principal name",
       "value": "",
       "defaultValue": "jt/_HOST",
-      "description": "Principal name for JobTracker. _HOST will get automatically replaced with actual hostname at an instance of JobTracker",
-      "displayType": "advanced",
+      "description": "Principal name for JobTracker and Job History Server. _HOST will get automatically replaced with actual hostname at instance of JobTracker and Job History Server",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "MAPREDUCE",
@@ -303,7 +373,7 @@ module.exports =
       "displayName": "Path to keytab file",
       "value": "",
       "defaultValue": "/etc/security/keytabs/jt.service.keytab",
-      "description": "Path to JobTracker keytab file",
+      "description": "Path to JobTracker and Job History Server keytab file",
       "displayType": "directory",
       "isVisible": true,
       "isOverridable": false,
@@ -331,7 +401,7 @@ module.exports =
       "value": "",
       "defaultValue": "tt/_HOST",
       "description": "Principal name for TaskTracker. _HOST will get automatically replaced with actual hostname at every instance of TaskTracker",
-      "displayType": "advanced",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "MAPREDUCE",
@@ -367,6 +437,46 @@ module.exports =
       "component": "TASKTRACKER"
     },
 
+    //WEBHCAT
+    {
+      "id": "puppet var",
+      "name": "webhcatserver_host",
+      "displayName": "WebHCat Server host",
+      "value": "",
+      "defaultValue": "localhost",
+      "description": "The host that has been assigned to run WebHCat Server",
+      "displayType": "masterHost",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "WEBHCAT",
+      "category": "WebHCat Server"
+    },
+    {
+      "id": "puppet var",
+      "name": "webHCat_http_principal_name",
+      "displayName": "Principal name",
+      "value": "",
+      "defaultValue": "HTTP/_HOST",
+      "description": "Principal name for spnego access for WebHCat",
+      "displayType": "principal",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "WEBHCAT",
+      "category": "WebHCat Server"
+    },
+    {
+      "id": "puppet var",
+      "name": "webhcat_http_keytab",
+      "displayName": "Path to keytab file",
+      "value": "",
+      "defaultValue": "/etc/security/keytabs/spnego.service.keytab",
+      "description": "Path to spnego keytab file for WebHCat",
+      "displayType": "directory",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "WEBHCAT",
+      "category": "WebHCat Server"
+    },
     //HBASE
     {
       "id": "puppet var",
@@ -379,7 +489,35 @@ module.exports =
       "isOverridable": false,
       "isVisible": true,
       "serviceName": "HBASE",
-      "category": "HBase"
+      "category": "HBase Master"
+    },
+    {
+      "id": "puppet var",
+      "name": "hbase_master_principal_name",
+      "displayName": "Principal name",
+      "value": "",
+      "defaultValue": "hbase/_HOST",
+      "description": "Principal name for HBase master. _HOST will get automatically replaced with actual hostname at an instance of HBase Master",
+      "displayType": "principal",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "HBASE",
+      "category": "HBase Master",
+      "components": ["HBASE_MASTER"]
+    },
+    {
+      "id": "puppet var",
+      "name": "hbase_master_keytab",
+      "displayName": "Path to Keytab file",
+      "value": "",
+      "defaultValue": "/etc/security/keytabs/hbase.service.keytab",
+      "description": "Path to HBase master keytab file",
+      "displayType": "directory",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "HBASE",
+      "category": "HBase Master",
+      "components": ["HBASE_MASTER"]
     },
     {
       "id": "puppet var",
@@ -392,35 +530,35 @@ module.exports =
       "isOverridable": false,
       "isVisible": true,
       "serviceName": "HBASE",
-      "category": "HBase"
+      "category": "RegionServer"
     },
     {
       "id": "puppet var",
-      "name": "hbase_principal_name",
+      "name": "hbase_regionserver_principal_name",
       "displayName": "Principal name",
       "value": "",
       "defaultValue": "hbase/_HOST",
-      "description": "Principal name for HBase master and RegionServer. _HOST will get automatically replaced with actual hostname at every instance of HBase master and RegionServer",
-      "displayType": "advanced",
+      "description": "Principal name for HBase RegionServer. _HOST will get automatically replaced with actual hostname at every instance of RegionServer",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "HBASE",
-      "category": "HBase",
-      "components": ["HBASE_MASTER", "HBASE_REGIONSERVER"]
+      "category": "RegionServer",
+      "components": ["HBASE_REGIONSERVER"]
     },
     {
       "id": "puppet var",
-      "name": "hbase_service_keytab",
+      "name": "hbase_regionserver_keytab",
       "displayName": "Path to Keytab file",
       "value": "",
       "defaultValue": "/etc/security/keytabs/hbase.service.keytab",
-      "description": "Path to HBase master and RegionServer keytab file",
+      "description": "Path to HBase RegionServer keytab file",
       "displayType": "directory",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "HBASE",
-      "category": "HBase",
-      "components": ["HBASE_MASTER", "HBASE_REGIONSERVER"]
+      "category": "RegionServer",
+      "components": ["HBASE_REGIONSERVER"]
     },
 
     //HIVE
@@ -430,7 +568,7 @@ module.exports =
       "displayName": "Hive Metastore host",
       "value": "",
       "defaultValue": "localhost",
-      "description": "The host that has been assigned to run Hive Metastore",
+      "description": "The host that has been assigned to run Hive Metastore and HiveServer2",
       "displayType": "masterHost",
       "isVisible": true,
       "isOverridable": false,
@@ -443,8 +581,8 @@ module.exports =
       "displayName": "Principal name",
       "value": "",
       "defaultValue": "hive/_HOST",
-      "description": "Principal name for Hive Metastore. _HOST will get automatically replaced with actual hostname at an instance of Hive Metastore",
-      "displayType": "advanced",
+      "description": "Principal name for Hive Metastore and HiveServer2. _HOST will get automatically replaced with actual hostname at an instance of Hive Metastore and HiveServer2",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "HIVE",
@@ -453,18 +591,17 @@ module.exports =
     },
     {
       "id": "puppet var",
-      "name": "hive_metastore__keytab",
+      "name": "hive_metastore_keytab",
       "displayName": "Path to Keytab file",
       "value": "",
       "defaultValue": "/etc/security/keytabs/hive.service.keytab",
-      "description": "Path to Hive Metastore keytab file",
+      "description": "Path to Hive Metastore and HiveServer2 keytab file",
       "displayType": "directory",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "HIVE",
       "category": "Hive Metastore",
       "component": "HIVE_SERVER"
-
     },
 
     //OOZIE
@@ -488,7 +625,7 @@ module.exports =
       "value": "",
       "defaultValue": "oozie/_HOST",
       "description": "Principal name for Oozie server",
-      "displayType": "advanced",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "OOZIE",
@@ -509,6 +646,32 @@ module.exports =
       "category": "Oozie Server",
       "component": "OOZIE_SERVER"
     },
+    {
+      "id": "puppet var",
+      "name": "oozie_http_principal_name",
+      "displayName": "Oozie Web Principal name",
+      "value": "",
+      "defaultValue": "HTTP/_HOST",
+      "description": "Principal name for spnego access for Oozie",
+      "displayType": "principal",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "OOZIE",
+      "category": "Oozie Server"
+    },
+    {
+      "id": "puppet var",
+      "name": "oozie_http_keytab",
+      "displayName": "Path to spnego keytab file",
+      "value": "",
+      "defaultValue": "/etc/security/keytabs/spnego.service.keytab",
+      "description": "Path to spnego keytab file for oozie",
+      "displayType": "directory",
+      "isVisible": true,
+      "isOverridable": false,
+      "serviceName": "OOZIE",
+      "category": "Oozie Server"
+    },
 
     //ZooKeeper
     {
@@ -531,7 +694,7 @@ module.exports =
       "value": "",
       "defaultValue": "zookeeper/_HOST",
       "description": "Principal name for ZooKeeper. _HOST will get automatically replaced with actual hostname at every instance of zookeeper server",
-      "displayType": "advanced",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "ZOOKEEPER",
@@ -573,7 +736,7 @@ module.exports =
       "value": "",
       "defaultValue": "nagios",
       "description": "Primary name for Nagios server",
-      "displayType": "advanced",
+      "displayType": "principal",
       "isVisible": true,
       "isOverridable": false,
       "serviceName": "NAGIOS",

ambari-web/app/messages.js

@@ -628,7 +628,7 @@ Em.I18n.translations = {
   'admin.security.enable.popup.header': 'Add security',
   'admin.security.disable.popup.header': 'Remove security',
   'admin.security.disable.popup.body': 'Kerberos security will be disabled on the cluster',
-  'admin.addSecurity.header': 'Add security wizard',
+  'admin.addSecurity.header': 'Enable Security Wizard',
   'admin.security.step1.header': 'Get Started',
   'admin.security.step2.header': 'Configure Services',
   'admin.security.step3.header': 'Create Principals and Keytabs',
@@ -661,7 +661,9 @@ Em.I18n.translations = {
   'admin.addSecurity.user.smokeUser': 'Ambari Smoke Test User',
   'admin.addSecurity.user.hdfsUser': 'HDFS User',
   'admin.addSecurity.user.hbaseUser': 'HBase User',
-  'admin.addSecurity.user.httpUser': 'SPNEGO User',
+  'admin.addSecurity.hdfs.user.httpUser': 'HDFS SPNEGO User',
+  'admin.addSecurity.webhcat.user.httpUser': 'WebHCat SPNEGO User',
+  'admin.addSecurity.oozie.user.httpUser': 'Oozie SPNEGO User',
   'admin.addSecurity.enable.onClose': 'You are in the process of enabling security on your cluster. ' +
     'Are you sure you want to quit? If you quit, ' +
     'you may have to re-run the security wizard from the beginning to enable security.',

ambari-web/app/routes/add_security.js

@@ -128,6 +128,7 @@ module.exports = Em.Route.extend({
     next: function (router) {
       var addSecurityController = router.get('addSecurityController');
       addSecurityController.get('content').set('serviceConfigProperties', null);
+      App.db.setSecureConfigProperties(null);
       router.transitionTo('step2');
     }
   }),

ambari-web/app/views/wizard/controls_view.js

@@ -71,6 +71,8 @@ App.ServiceConfigTextField = Ember.TextField.extend(App.ServiceConfigPopoverSupp
     // sets the width of the field depending on display type
     if (['directory', 'url', 'email', 'user', 'host','advanced'].contains(this.get('serviceConfig.displayType'))) {
       return ['span6'];
+    } else if (this.get('serviceConfig.displayType') === 'principal'){
+      return ['span12'];
     } else {
       return ['input-small'];
     }