Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Ranger Lookup User in Kerberos -> Does the local user require a Primary or Secondary group membership of any kind?

Labels:
avatar
author-rank rbailey
New Member

Created ‎02-02-2017 11:54 PM

Hello guys, I'm thinking this might be quick: ranger[hdfs|hbase|knox|hive]lookup user required for Knox integration (

https://community.hortonworks.com/questions/21818/can-proxyuser-group-be-redefined-as-something-else...

) does anybody know if it needs any groups associated with it (or even should it?)

3,676 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank tstebbens
Expert Contributor

Created ‎02-03-2017 09:39 AM

@rbailey No, technically they don't need a group associated with them. Also they don't need to be able to login to any systems. As long as there is a principal in Kerberos for them and they can authenticate against the KDC you should be okay. As per the answer in the other article you linked to I usually just create a single 'rangerlookup' user and principal to be used by all the services.

View solution in original post

3,263 Views
2 REPLIES 2

avatar
author-rank tstebbens
Expert Contributor

Created ‎02-03-2017 09:39 AM

@rbailey No, technically they don't need a group associated with them. Also they don't need to be able to login to any systems. As long as there is a principal in Kerberos for them and they can authenticate against the KDC you should be okay. As per the answer in the other article you linked to I usually just create a single 'rangerlookup' user and principal to be used by all the services.

3,264 Views

avatar
author-rank rbailey
New Member

Created ‎02-03-2017 11:49 AM

Excellent, I have successfully created the user with uid=gid and it worked fine. Thanks!

3,263 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements