Support Questions

Find answers, ask questions, and share your expertise

Does it need to ues Kerberos when install Ranger-storm plugin?

avatar
Explorer

Hi ALL:

We have successfully installed Storm Plugin for apache ranger, and we are also able to create policies within ranger, the problem is that when we click the Connection Test button after add a storm service,we got a error about Kerberos.The error report is that:

org.apache.ranger.plugin.client.HadoopException: executeUnderKerberos: Login failure using given configuration parameters, username : `admin`..

executeUnderKerberos: Login failure using given configuration parameters, username : `admin`.. kerberos.example.com: Name or service not known.

Hadoop Version:2.7.2

Ranger Version: 0.62

Storm Version:1.0.0

Any ideas or help in this regard will be appreciated.

Thanks in advance.

Regards,

Benny

1 ACCEPTED SOLUTION

avatar
Contributor

To enable ranger-storm-plugin need to have kerberos environment. Refer: Enabling Storm Plugin

Also link /etc/hadoop/conf/core-site.xml under /etc/storm/conf

View solution in original post

7 REPLIES 7

avatar
Explorer

we can see the plugin on Ranger admin in Audit >plugins tab

avatar
Contributor

To enable ranger-storm-plugin need to have kerberos environment. Refer: Enabling Storm Plugin

Also link /etc/hadoop/conf/core-site.xml under /etc/storm/conf

avatar
Explorer

@mvaradkar Thank you very much for you reply.we will follow you advice,and holp it will helps to solve the problem.thank you again.

avatar
Super Guru

avatar
Explorer

@Sagar Shimpi Thank you very much for you reply.Because I am a student ,I should study apache ranger wihtout Ambari. It also help for my work and thank you again for you reply.

avatar

@hu bai

Contrary to popular belief, it is not necessary to enable Kerberos to use the Ranger plugin. Kerberos is for authentication, while Ranger does authorization. You can use other authentication techniques to identify the user, if you choose. Kerberos is a very secure and reliable way of authenticating a user, and that is why is is frequently used. However, you can use Unix auth or LDAP authentication in your cluster to identify the user. The username which submits the Storm topology is the one used for authorization with Ranger. Ranger will then use its policy information to determine what the user is allowed to do.

avatar
Master Mentor

@emaxwell just heard from engineering, in case of Storm, kerberos is required for Ranger authorization.