Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

basic kerberos question

basic kerberos question

Explorer

I have kerbertized our environtment with default priveleges. I created another user called tom, but haven't given any provileges, but user can execute all the commands in our cluster such as hdfs, etc.. Do I need to prevent in acl ?

1 REPLY 1
Highlighted

Re: basic kerberos question

@Mokkan Mok Assuming you created a new principal (not user) called tom@REALM and performed a kinit tom, then all commands run like hdfs, yarn, spark-submit or others will authenticate using tom@REALM - Then as you mentioned you need acl / authorization to restrict access. You can use Ranger to this end, or else work with the posix with hdfs or acls for yarn and other services.

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

Don't have an account?
Coming from Hortonworks? Activate your account here