Ranger Lookup User in Kerberos -> Does the local user require a Primary or Secondary group membership of any kind?

Explorer

Hello guys, I'm thinking this might be quick: ranger[hdfs|hbase|knox|hive]lookup user required for Knox integration (https://community.hortonworks.com/questions/21818/can-proxyuser-group-be-redefined-as-something-else...) does anybody know if it needs any groups associated with it (or even should it?)

1 ACCEPTED SOLUTION

Re: Ranger Lookup User in Kerberos -> Does the local user require a Primary or Secondary group membership of any kind?

Contributor

@rbailey No, technically they don't need a group associated with them. Also, they don't need to be able to log in to any systems. As long as there is a principal in Kerberos for them and they can authenticate against the KDC, you should be okay. As per the answer in the other article you linked to, I usually just create a single 'rangerlookup' user and principal to be used by all the services.
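
A check for the local-account side of the answer above, as an added example that is not part of the original thread: it reads passwd- and group-format files and reports whether a lookup account has a login shell or any secondary group membership. The sample entries, the `svcbad` account and the function names are constructed for illustration.

```shell
# Constructed sample data: one minimal lookup account, one over-privileged account.
make_sample() {  # $1 = directory to write the sample passwd/group files into
  cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
rangerlookup:x:1501:1501:Ranger lookup:/nonexistent:/sbin/nologin
svcbad:x:1502:1502:Lookup with extras:/home/svcbad:/bin/bash
EOF
  cat > "$1/group" <<'EOF'
root:x:0:
rangerlookup:x:1501:
svcbad:x:1502:
hadoop:x:1600:hdfs,svcbad
wheel:x:10:svcbad
EOF
}

# audit_account PASSWD_FILE GROUP_FILE USER
# Prints one finding per line, or "ok" when the account has no login shell
# and is listed as a member of no secondary group.
audit_account() (
  entry=$(awk -F: -v u="$3" '$1 == u' "$1")
  if [ -z "$entry" ]; then echo "missing-account"; exit 0; fi
  shell=$(printf '%s\n' "$entry" | cut -d: -f7)
  findings=""
  case "$shell" in
    */nologin|*/false) ;;                  # interactive login is disabled
    *) findings="login-shell=$shell" ;;
  esac
  # Secondary memberships are the comma-separated names in field 4 of the group file.
  extra=$(awk -F: -v u="$3" '{
      n = split($4, m, ",")
      for (i = 1; i <= n; i++) if (m[i] == u) out = out (out ? "," : "") $1
    } END { print out }' "$2")
  if [ -n "$extra" ]; then
    findings="${findings:+$findings
}secondary-groups=$extra"
  fi
  echo "${findings:-ok}"
)

# Demo run over the constructed files.
tmp=$(mktemp -d)
make_sample "$tmp"
for u in rangerlookup svcbad; do
  echo "$u: $(audit_account "$tmp/passwd" "$tmp/group" "$u" | tr '\n' ' ')"
done
rm -rf "$tmp"
```

Authentication against the KDC is a separate check, for example obtaining a ticket for the principal with `kinit`.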

Re: Ranger Lookup User in Kerberos -> Does the local user require a Primary or Secondary group membership of any kind?

Explorer

Excellent, I have successfully created the user with uid=gid and it worked fine. Thanks!
