FreeIPA Is a powerful tool for unifying identity, kerberos credentials, across a cluster.
A great value add for ambari would be to provide support for using FreeIPA to kerberize services. This would allow for
1) better HCFS interoperability, because first class GID/UID is critical for certain file systems (GlusterFS, Lustre, and any other file system which uses kernel / FUSE apis for determining identity)
2) better enterprise interoperability. Because of the fact that FreeIPA makes it easy to interop with different identity solutions (like active directory), it would make ambari easier to adopt for various enterprises.
3) broadens ambaris scope. Now ambari could also allow people to setup the users of their clusters, and at least some of the security features of their clusters, all from one interface (no more manual handling of TGTs and such - it could all be done quite easily via the ambari UI which could make calls to underlying FreeIPA clients).