Support Questions

ashok_padmanabh · ‎05-04-2016

Configured Ranger and KMS on a Kerberized cluster. Able to create zones and keys.However unable to cat any file put on the directory.

Have given the user access to directory in ranger and ability to decrypt eeks. Any ideas?

hdfs dfs -cat /zone_encr3/abc1.txt cat: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, status: 500, message: Internal Server Error

Nothing much in kms.log either.

emaxwell · ‎05-10-2016

@Ash Pad

You need to provide additional privileges to the user via keyadmin. The user will need "Get Keys", "Get Metadata", and "Decrypt EEK" privileges on the key to read files in the encryption zone.

View solution in original post

vperiasamy · ‎05-05-2016

any errors being shown catalina.out? are there entries in kms-audit.log?

as what user are you trying to copy the files?

emaxwell · ‎05-10-2016

@Ash Pad

You need to provide additional privileges to the user via keyadmin. The user will need "Get Keys", "Get Metadata", and "Decrypt EEK" privileges on the key to read files in the encryption zone.

Cloudera Community

Support Questions

KMS Unable to decrypt