Hi, kerberos auth question here.
We need to have Kerberos authentication with user impersonation. I know we
had it working on one of our test clusters earlier but nobody can remember
which one or how it was configured. :-(
>From my research I have the following items:
1. There is are Kerberos users alice@REALM and bob@REALM.
2. 'alice' is in the 'supergroup' group on the HDFS node I access.
3. The server has hadoop.proxyuser.alice.users = * set in core-site.xml.
(see note)
4. I can connect using alice@REALM.
5. When I try to connect using UGI.createProxyUser("bob", alice) I get a
"Client cannot authenticate via:[TOKEN, KERBEROS]" error.
6. I didn't have success with "bob@REALM" earlier but I've change the
configuration since then so I might have missed something.
Do I need to create an additional principal for alice? Something like
alice/hdfs@REALM? alice/supergroup@REALM?
Is there
(note: We're using CDH and I'm setting this on the 'advanced configuration
snippets' page. I saved the settings and restarted the servers but I'm not
sure that the files are actually being updated. I've also changed the
configuration files manually.)
--
Bear Giles
Sr. Java Application Engineer
[email protected]
Mobile: 720-749-7876
<http://www.snaplogic.com/about-us/jobs>
*SnapLogic Inc | 929 Pearl St #200 | 80303 CO 80302 | USA*
*SnapLogic Inc | 2 W 5th Avenue 4th Floor | San Mateo CA 94402 | USA *
This message is confidential. It may also be privileged or otherwise
protected by work product immunity or other legal rules. If you have
received it by mistake, please let us know by e-mail reply and delete it
from your system; you may not copy this message or disclose its contents to
anyone. The integrity and security of this message cannot be guaranteed on
the Internet.
