ambari/ambari-web/app/assets/data/wizard/kerberos/stack_descriptors.json

{
  "properties": {
    "realm": "${cluster-env/kerberos_domain}",
    "keytab_dir": "/etc/security/keytabs"
  },
  "identities": [
    {
      "name": "spnego",
      "principal": {
        "value": "HTTP/_HOST@${realm}"
      },
      "keytab": {
        "file": "${keytab_dir}/spnego.service.keytab",
        "owner": {
          "name": "root",
          "access": "r"
        },
        "group": {
          "name": "${cluster-env/user_group}",
          "access": "r"
        }
      }
    }
  ],
  "configurations": [
    {
      "core-site": {
        "hadoop.security.authentication": "kerberos",
        "hadoop.rpc.protection": "authentication; integrity; privacy",
        "hadoop.security.authorization": "true"
      }
    }
  ],
  "services": [
    {
      "name": "HDFS",
      "components": [
        {
          "name": "NAMENODE",
          "identities": [
            {
              "name": "namenode_nn",
              "principal": {
                "value": "nn/_HOST@${realm}",
                "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
              },
              "keytab": {
                "file": "${keytab_dir}/nn.service.keytab",
                "owner": {
                  "name": "${hadoop-env/hdfs_user}",
                  "access": "r"
                },
                "group": {
                  "name": "${cluster-env/user_group}",
                  "access": ""
                },
                "configuration": "hdfs-site/dfs.namenode.keytab.file"
              }
            },
            {
              "name": "namenode_host",
              "principal": {
                "value": "host/_HOST@${realm}",
                "configuration": "hdfs-site/dfs.namenode.kerberos.https.principal"
              },
              "keytab": {
                "file": "${keytab_dir}/host.keytab",
                "owner": {
                  "name": "${hadoop-env/hdfs_user}",
                  "access": "r"
                },
                "group": {
                  "name": "${cluster-env/user_group}",
                  "access": ""
                },
                "configuration": "hdfs-site/dfs.namenode.keytab.file"
              }
            },
            {
              "name": "/spnego",
              "principal": {
                "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
              },
              "keytab": {
                "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
              }
            }
          ]
        },
        {
          "name": "DATANODE",
          "identities": [
            {
              "name": "datanode_dn",
              "principal": {
                "value": "dn/_HOST@${realm}",
                "configuration": "hdfs-site/dfs.namenode.kerberos.principal"
              },
              "keytab": {
                "file": "${keytab_dir}/dn.service.keytab",
                "owner": {
                  "name": "${hadoop-env/hdfs_user}",
                  "access": "r"
                },
                "group": {
                  "name": "${cluster-env/user_group}",
                  "access": ""
                },
                "configuration": "hdfs-site/dfs.namenode.keytab.file"
              }
            },
            {
              "name": "datanode_host",
              "principal": {
                "value": "host/_HOST@${realm}",
                "configuration": "hdfs-site/dfs.datanode.kerberos.https.principal"
              },
              "keytab": {
                "file": "${keytab_dir}/host.keytab.file",
                "owner": {
                  "name": "${hadoop-env/hdfs_user}",
                  "access": "r"
                },
                "group": {
                  "name": "${cluster-env/user_group}",
                  "access": ""
                },
                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
              }
            }
          ]
        },
        {
          "name": "SECONDARY_NAMENODE",
          "identities": [
            {
              "name": "secondary_namenode_nn",
              "principal": {
                "value": "nn/_HOST@${realm}",
                "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.principal"
              },
              "keytab": {
                "file": "${keytab_dir}/snn.service.keytab",
                "owner": {
                  "name": "${hadoop-env/hdfs_user}",
                  "access": "r"
                },
                "group": {
                  "name": "${cluster-env/user_group}",
                  "access": ""
                },
                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
              }
            },
            {
              "name": "secondary_namenode_host",
              "principal": {
                "value": "host/_HOST@${realm}",
                "configuration": "hdfs-site/dfs.namenode.secondary.kerberos.https.principal"
              },
              "keytab": {
                "file": "${keytab_dir}/host.keytab.file",
                "owner": {
                  "name": "${hadoop-env/hdfs_user}",
                  "access": "r"
                },
                "group": {
                  "name": "${cluster-env/user_group}",
                  "access": ""
                },
                "configuration": "hdfs-site/dfs.namenode.secondary.keytab.file"
              }
            },
            {
              "name": "/spnego",
              "principal": {
                "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
              },
              "keytab": {
                "configuration": "hdfs/dfs.web.authentication.kerberos.keytab"
              }
            }
          ]
        }
      ]
    }
  ]
}