I see this "nn" user in KDC, but shouldn't I be adding this user to the Linux users also? I am asking this as the lesson I am following is showing the "nn" user being added to the list of users authorized to use the KMS key.
If the "nn" user must be added to the OS, then are there any guidelines? Like which group it should belong to?
[root@hadoop1 ~]# kadmin.local -q listprincs | grep nn
nn/hadoop1.abc.com@ABC.COM
nn/hadoop2.abc.com@ABC.COM
[root@hadoop1 ~]#
The "nn" user should not be present in the Linux users, since in the KDC it's a service principal for the NameNode. Service principals do not require a user to log in; they use the principal and acquire the password from the keytab file, and hence the user is not created on the OS.
Please read more detail about the same on - https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_installing_manually_book/content/creatin...
Let me know if that makes it clear.
So how is the lesson I am following showing me adding the "nn" user to the key access list in Ranger KMS?
This is what the instructor is asking me to do:
The code that was executed should be:

# add user nn for Ranger KMS
adduser nn
kadmin.local -q 'addprinc -randkey nn'
service krb5kdc start
service kadmin start

This should only be done on the node where the KDC/KMS/kerberos-server is installed.