Reply
New Contributor
Posts: 2
Registered: ‎08-05-2014

Hadoop security

Hi All,

 I have enabled security in CDH5 using the following doc.

 

https://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH5/latest/CDH5-Security-Guide/cdh5...

 

Though i have done configuration as per the doc stilli am getting error while runnig any FileSystem commands

 

I have issued the following command

sudo -u hdfs kinit -k -t /etc/hadoop/conf/hdfs.keytab hdfs/xyz.yyy.com@YYY.COM

sudo -u hdfs hadoop fs -ls /

 

Then i am getting the following error.

 

14/09/09 01:37:27 WARN security.UserGroupInformation: PriviledgedActionException as:hdfs (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
14/09/09 01:37:27 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
14/09/09 01:37:27 WARN security.UserGroupInformation: PriviledgedActionException as:hdfs (auth:KERBEROS) cause:java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
ls: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : xxxxxxx

 

I did lot search in web but i did not get any solution.

 

Please help me.

 

 

 

 

 

Cloudera Employee
Posts: 88
Registered: ‎01-08-2014

Re: Hadoop security

If you have a secure set up, you need not use sudo to run things as the hdfs user. You can just use the given kinit command. Often the "sudo -u hdfs" part is used to get access to the keytab file, but that file can be protected by i.e. group filesystem permissions.

 

Can you paste the output of running the `klist -ef` command (ref CDH5 Security Guide, Appendix A Troubleshooting: Problem 1: Running any Hadoop command fails after e...)

 

 

Announcements