Support Questions

Find answers, ask questions, and share your expertise

Ranger Lookup User in Kerberos -> Does the local user require a Primary or Secondary group membership of any kind?

avatar
Explorer

Hello guys, I'm thinking this might be quick: ranger[hdfs|hbase|knox|hive]lookup user required for Knox integration (

https://community.hortonworks.com/questions/21818/can-proxyuser-group-be-redefined-as-something-else...

) does anybody know if it needs any groups associated with it (or even should it?)

1 ACCEPTED SOLUTION

avatar
Expert Contributor

@rbailey No, technically they don't need a group associated with them. Also they don't need to be able to login to any systems. As long as there is a principal in Kerberos for them and they can authenticate against the KDC you should be okay. As per the answer in the other article you linked to I usually just create a single 'rangerlookup' user and principal to be used by all the services.

View solution in original post

2 REPLIES 2

avatar
Expert Contributor

@rbailey No, technically they don't need a group associated with them. Also they don't need to be able to login to any systems. As long as there is a principal in Kerberos for them and they can authenticate against the KDC you should be okay. As per the answer in the other article you linked to I usually just create a single 'rangerlookup' user and principal to be used by all the services.

avatar
Explorer

Excellent, I have successfully created the user with uid=gid and it worked fine. Thanks!