NameNode user in OS userlist

I see this "nn" user in the KDC, but shouldn't I be adding this user to the Linux users as well? I am asking because the lessons I am following show the "nn" user being added to the list of users authorized to use the KMS key.

If the "nn" user must be added to the OS, are there any guidelines, such as which group it should belong to?

[root@hadoop1 ~]# kadmin.local -q listprincs | grep nn
nn/hadoop1.abc.com@ABC.COM
nn/hadoop2.abc.com@ABC.COM
[root@hadoop1 ~]#

Re: NameNode user in OS userlist

@Sami Ahmad

The "nn" user should not be present in the Linux users, since in the KDC it's a service principal for the NameNode. Service principals do not require a user to log in; they use the principal and acquire the password from the keytab file, and hence the user is not created on the OS.

Please read more details about this at https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_installing_manually_book/content/creatin...

Let me know if that makes it clear.

Re: NameNode user in OS userlist

So how come the lesson I am following shows me adding the "nn" user to the key access list in Ranger KMS?

This is what the instructor is asking me to do:

The code that was executed should be:
 # add user nn for Ranger KMS
 adduser nn
 kadmin.local -q 'addprinc -randkey nn'
  
 service krb5kdc start
 service kadmin start

This should only be done on the node where the KDC/KMS/kerberos-server is installed.
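
An added example, not part of the thread or the course material: a POSIX shell audit that reads `kadmin.local -q listprincs` output, splits each principal into primary, instance and realm, and reports whether a local OS account with the same primary name exists. The function names, the `PASSWD_FILE` override, the dot-in-instance heuristic and the sample input (including the bare `nn@ABC.COM` entry, with the realm taken from the question's output) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Audits `kadmin.local -q listprincs`
# output: splits each principal and reports whether a local OS account
# with the same primary name exists.

# Account database to check; override for offline runs (assumption).
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}

# Sets primary, instance, realm from "primary[/instance]@REALM" and prints
# them; instance is "-" when the principal has none.
split_principal() {
    realm=${1##*@}
    name=${1%@*}
    case $name in
        */*) primary=${name%%/*}; instance=${name#*/} ;;
        *)   primary=$name; instance=- ;;
    esac
    printf '%s %s %s\n' "$primary" "$instance" "$realm"
}

# Exact match on the first passwd field; the name is never used as a regex.
has_local_account() {
    awk -F: -v n="$1" '$1 == n { f = 1 } END { exit !f }' "$PASSWD_FILE"
}

# Reads listprincs output on stdin. Heuristic (assumption): an instance that
# contains a dot is a host name, so the principal is a service principal.
audit_principals() {
    while IFS= read -r line; do
        case $line in
            *' '*) continue ;;   # kadmin banner: "Authenticating as principal ..."
            *@*)   ;;
            *)     continue ;;
        esac
        split_principal "$line" >/dev/null
        case $instance in *.*) kind=service ;; *) kind=user ;; esac
        if has_local_account "$primary"; then acct=yes; else acct=no; fi
        printf '%s %s os-account=%s\n' "$kind" "$line" "$acct"
    done
}

# Constructed sample: the two principals from the question plus the bare
# "nn" principal that the quoted course commands would create.
sample_listprincs() {
    printf '%s\n' 'Authenticating as principal root/admin@ABC.COM with password.' \
        'nn/hadoop1.abc.com@ABC.COM' 'nn/hadoop2.abc.com@ABC.COM' 'nn@ABC.COM'
}
# On a KDC host: kadmin.local -q listprincs | audit_principals
```
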