关于Ambari的安全、访问控制在这里有非常详细的介绍。

http://pivotalhd.docs.pivotal.io/docs/security-guide-ambari-2.1.2.html

另外还可以参考这一篇

https://community.hortonworks.com/articles/39865/enabling-https-for-ambariserver-and-troubleshootin.html

Ambari用来管理大数据集群非常的方便，但是默认只支持HTTP协议，需要手动安装、配置才能支持HTTPS协议。
步骤如下：
1、登陆到Ambari Server所在主机，依次执行如下命令

1）
openssl genrsa -out $wserver.key 2048
2）
openssl req -new -key $wserver.key -out $wserver.csr
3）
openssl x509 -req -days 365 -in $wserver.csr -signkey $wserver.key -out $wserver.crt注：$wserver 就是Ambari Server 的host nameThe certificate you use must be PEM-encoded, not DER-encoded. If you attempt to use a DER-encoded certificate, you see the following error:unable to load certificate 140109766494024:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c :698:Expecting: TRUSTED CERTIFICATEYou can convert a DER-encoded certificate to a PEM-encoded certificate using the following command:openssl x509 -in cert.crt -inform der -outform pem -out cert.pemwhere cert.crt is the DER-encoded certificate and cert.pem is the resulting PEM-encoded certificate.2、执行 ambari-server setup-security命令Select 1 for Enable HTTPS for Ambari server.Respond y to Do you want to configure HTTPS ?Select the port you want to use for SSL. The default port number is 8443.Provide the complete path to your certificate file ($wserver.crt from above) and private key file ($wserver.key from above).Provide the password for the private key.Start or restart the Serverambari-server restart