- last edited on
When I started the ranger user sync plugin, I noticed that Kerberos principal didn't map as configured in hadoop.security.auth_to_local. I have created the ranger user sync Keytab as below.
1) Created a user in the active directory. Let's say this user is Ranger123
2) Created a keytab using principal as "rangerusersync/<hostname>@EXAMPLE.COM. While creating this keytab, I mapped the user (created in step 1) as well.
3) In core-site.xml, I configured "hadoop.security.auth_to_local" property as below.RULE:[2:$1@$0](rangeradmin@EXAMPLE.COM)s/.*/ranger/RULE:[2:$1@$0](rangerusersync@EXAMPLE.COM)s/.*/rangerusersync/DEFAULTOnce the above steps are done, per my understanding, Ranger123 will be mapped to rangerusersync. I am saying this because of the rule we set up for rangerusersync in core-site.xml (step 3).But, when I logged into policy manager, I am seeing the Ranger123 user is created which does not look correct to me.
Can you please help me, if I have done anything wrong or I missed any step?
Note: These steps are manual and didn't use Ambari.