Support Questions

Alessio · ‎10-03-2014

Hi all,

We have a Kerberized cluster,but at the moment we would disable it.

How is it possible ?

I performed the following steps:

Zookeeper -> enableSecurity (Enable Kerberos Authentication)-> false

HDFS -> hadoop.security.authentication -> Simple
HDFS -> hadoop.security.authorization -> false
HDFS -> dfs.datanode.address -> from 1004 (for Kerberos) to 50010 (default)
HDFS -> dfs.datanode.http.address -> from 1006 (for Kerberos) to 50075 (default)
HDFS -> Data Directory Permissions -> from 700 to 755

HBASE -> hbase.security.authentication -> Simple
HBASE -> hbase.security.authorization -> false

But when I start the cluster I have problems on Hue and Solr

Hue: It seems that Kerberos is still configured for Hue

-> The Kerberos Ticket Renewer is not running. How can i disable it?

-> Impala e Oozie don't run from Hue

Solr:

Caused by: java.io.IOException: Failed on local exception: java.io.IOException: Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.;

I noticed that Hue and Solr run in secure mode. How can I disable them ?

Thanks

Alessio

Grizzly · ‎10-09-2014

You would work your way back through the security guide discussion on enabling kerberos:

http://www.cloudera.com/content/cloudera/en/documentation/cloudera-manager/v5-latest/Configuring-Had...

Note that if HBASE, or NN HA or JT HA was configured after enabling security, the cleanup can be difficult, the Znode paths within zookeeper might require manual removal of the ACL statements.

Todd

View solution in original post

dmurthy · ‎04-15-2015

Hello Alessio,

I am facing the same problem could you please outline the steps you did for Yarn and Zookeeper.

Thanks

Deepak

slmingol · ‎02-16-2016

The link provided is now broken. Is there an update to it?

slmingol · ‎02-16-2016

cjervis · ‎02-17-2016

Try this one:

http://www.cloudera.com/documentation/manager/5-1-x/Configuring-Hadoop-Security-with-Cloudera-Manage...

Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

dna_29a · ‎09-16-2015

Have the same problem, but after clean and reinstall cluster (using parcels). Error appears when oozie java action wrties to HDFS (runs from HUE). Earlier on this cluster was Kerberos, and I cleand all (I hope) directories from previous installation.

Here is a detailed message:

Failing Oozie Launcher, Main class [org.apache.oozie.action.hadoop.JavaMain], main() threw exception, java.io.IOException:
Failed on local exception: java.io.IOException: Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.; 
Host Details : local host is: "hadoop-05.xxx.xx/172.19.x.xxx"; destination host is: "hadoop-02.xxx.xx":8020; 
org.apache.oozie.action.hadoop.JavaMainException: java.io.IOException: Failed on local exception: java.io.IOException:
Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.;
Host Details : local host is: "hadoop-05.xxx.xx/172.19.x.xxx"; destination host is: "hadoop-02.xxx.xx":8020;

Tomas79 · ‎02-11-2016

I have a similar problem wanted to turn off Kerberos, so did everythin (turn auth to simple, data node ports etc etc).
Now the cluster does not use Kerberos, HDFS and Hive and Impala works fine, BUT THE OPTION FOR ENABLE KERBEROS IS STILL GREYED
Any thoughts?
T

Cloudera Community

Support Questions

Disabling Kerberos