
Kerberos principal is not mapping with local user.



When I started the Ranger user sync plugin, I noticed that the Kerberos principal didn't map as configured in hadoop.security.auth_to_local. I created the Ranger user sync keytab as below.

 

1) Created a user in Active Directory. Let's say this user is Ranger123.

2) Created a keytab using the principal "rangerusersync/<hostname>@EXAMPLE.COM". While creating this keytab, I mapped the user (created in step 1) as well.

 

3) In core-site.xml, I configured the "hadoop.security.auth_to_local" property as below.

RULE:[2:$1@$0](rangeradmin@EXAMPLE.COM)s/.*/ranger/
RULE:[2:$1@$0](rangerusersync@EXAMPLE.COM)s/.*/rangerusersync/
DEFAULT

Once the above steps are done, per my understanding, Ranger123 will be mapped to rangerusersync. I am saying this because of the rule we set up for rangerusersync in core-site.xml (step 3).

But when I logged into the policy manager, I saw that the Ranger123 user was created, which does not look correct to me.

Can you please help me if I have done anything wrong or missed any step?

 

Note: These steps are manual and didn't use Ambari.
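
Added example (not part of the original post and not Hadoop's own code): a simplified model of how the three auth_to_local rules from step 3 are evaluated against a principal string. It supports only the RULE:[n:format](regex)s/pattern/replacement/ form and DEFAULT; the hostname host1.example.com, the default realm argument and the function name short_name are assumptions made for the illustration.

```python
import re

# Rules copied from step 3 of the post.
RULES = """RULE:[2:$1@$0](rangeradmin@EXAMPLE.COM)s/.*/ranger/
RULE:[2:$1@$0](rangerusersync@EXAMPLE.COM)s/.*/rangerusersync/
DEFAULT"""

RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?$")

def short_name(principal, rules=RULES, default_realm="EXAMPLE.COM"):
    """Map a Kerberos principal to a local short name; None if no rule applies."""
    name, _, realm = principal.partition("@")
    if not realm:
        raise ValueError("this simplified model expects name@REALM")
    params = [realm] + name.split("/")    # $0 = realm, $1.. = name components
    for line in rules.splitlines():
        line = line.strip()
        if line == "DEFAULT":
            # DEFAULT takes the first component, only for the default realm.
            if realm == default_realm:
                return params[1]
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {line}")
        count, fmt, match, pat, repl, glob = m.groups()
        if int(count) != len(params) - 1:
            continue                      # rule is for a different component count
        # Build the string the rule works on, e.g. "$1@$0" -> "rangerusersync@EXAMPLE.COM".
        base = re.sub(r"\$(\d)", lambda d: params[int(d.group(1))], fmt)
        if match is not None and not re.fullmatch(match, base):
            continue                      # filter regex did not accept this principal
        if pat is None:
            return base
        return re.sub(pat, repl, base, count=0 if glob else 1)
    return None

if __name__ == "__main__":
    # Constructed sample principals; only the realm and service names come from the post.
    for p in ("rangerusersync/host1.example.com@EXAMPLE.COM",
              "rangeradmin/host1.example.com@EXAMPLE.COM",
              "Ranger123@EXAMPLE.COM"):
        print(p, "->", short_name(p))
```

In this model the rules act only on the principal string: the two-component rangerusersync principal maps to rangerusersync, while a one-component name such as Ranger123@EXAMPLE.COM matches neither RULE and passes through DEFAULT unchanged. On a cluster node, `hadoop org.apache.hadoop.security.HadoopKerberosName <principal>` prints the mapping Hadoop itself computes from core-site.xml.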