Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

basic kerberos question

Labels:
mokkan
Explorer

Created on ‎05-22-2018 03:39 PM - edited ‎09-16-2022 06:15 AM

I have kerbertized our environtment with default priveleges. I created another user called tom, but haven't given any provileges, but user can execute all the commands in our cluster such as hdfs, etc.. Do I need to prevent in acl ?

422 Views
0 Kudos
Tags (2)
1 REPLY 1

falbani
Guru

Created ‎05-22-2018 04:49 PM

@Mokkan Mok Assuming you created a new principal (not user) called tom@REALM and performed a kinit tom, then all commands run like hdfs, yarn, spark-submit or others will authenticate using tom@REALM - Then as you mentioned you need acl / authorization to restrict access. You can use Ranger to this end, or else work with the posix with hdfs or acls for yarn and other services.

HTH

*** If you found this answer addressed your question, please take a moment to login and click the "accept" link on the answer.

397 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
[ANNOUNCE] Cloudera ODBC Driver 2.6.16 for Apache Hive Released
Community Announcements
March 2023 Community Highlights
What's New @ Cloudera
Cloudera DataFlow Designer for self-service data flow development is now generally available to all CDP Public Cloud customers
What's New @ Cloudera
Cloudera Operational Database (COD) UI provides the JWT configuration details to connect to your HBase client
What's New @ Cloudera
Cloudera Operational Database (COD) UI allows storage type selection when creating an operational database
View More Announcements