Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Ranger Plugins with Kerberos: Users for lookup?

Labels:
avatar
author-rank benhadoop
Expert Contributor

Created ‎06-30-2016 10:34 AM

Hi community,

working through the documentation, I stumbled about some pages regarding Ranger Plugins when enabling Kerberos (Link).

The documentation states the requirement to create some extra users for lookup purposes (such as rangerhdfslookup) for HDFS, HBase, Hive and Knox. The HDP documentation is the only place I found this information.

Is this a mandatory requirement? Why is this user needed?

Hope you can clear this up for me.

Best regards, Benjamin

1,571 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank benhadoop
Expert Contributor

Created ‎06-30-2016 10:46 AM

Oh well, I think I found the answer in the community:

"If your cluster is kerberized you'll need one more account usually called "rangerlookup" to facilitate autocompletion of databases, tables etc, with a headless principal and a password (keytab unsupported). The docs talk about a rangerlookup account per service (hdfs, hbase, etc.) but I use only one." (Source: https://community.hortonworks.com/questions/21818/can-proxyuser-group-be-redefined-as-something-else...

Other helpful entries:

https://community.hortonworks.com/questions/12039/ranger-ui-for-hive-plug-in-auto-complete-of-tables...

https://community.hortonworks.com/questions/21145/autocompletion-of-names-not-working-in-ranger.html

https://community.hortonworks.com/questions/432/permissions-necessary-for-the-user-required-to-con.h...

View solution in original post

1,008 Views
0 Kudos
1 REPLY 1

avatar
author-rank benhadoop
Expert Contributor

Created ‎06-30-2016 10:46 AM

Oh well, I think I found the answer in the community:

"If your cluster is kerberized you'll need one more account usually called "rangerlookup" to facilitate autocompletion of databases, tables etc, with a headless principal and a password (keytab unsupported). The docs talk about a rangerlookup account per service (hdfs, hbase, etc.) but I use only one." (Source: https://community.hortonworks.com/questions/21818/can-proxyuser-group-be-redefined-as-something-else...

Other helpful entries:

https://community.hortonworks.com/questions/12039/ranger-ui-for-hive-plug-in-auto-complete-of-tables...

https://community.hortonworks.com/questions/21145/autocompletion-of-names-not-working-in-ranger.html

https://community.hortonworks.com/questions/432/permissions-necessary-for-the-user-required-to-con.h...

1,009 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements