Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

centrify express user principal

Solved Go to solution
Highlighted

centrify express user principal

Expert Contributor

I've configured centrify express for AD/Linux integration. I was able to login to linux machine using windows credentials. I had setup one way trust between AD & Local MIT KDC.

[root@master2 ~]# ssh rvchinta@master2

Red Hat Enterprise Linux Server release 6.4 (Santiago)

Kernel 2.6.32-358.el6.x86_64 on an x86_64

Password:

Last login: Sat Mar 4 07:22:34 2017 from 192.168.56.22

[rvchinta@master2 ~]$ klist

Ticket cache: FILE:/tmp/krb5cc_cdc201327698_saYNYF

Default principal: rvchinta@CHRSV.COM

Valid starting Expires Service principal

03/04/17 10:02:32 03/04/17 20:02:32 krbtgt/CHRSV.COM@CHRSV.COM

renew until 03/11/17 10:02:32

[rvchinta@master2 ~]$

when i access hadoop components it thinks my user name is rvchinta@CHRSV.COM.

Any idea how to handle this? i should be rvchinta but not rvchinta@CHRSV.COM.

thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: centrify express user principal

Expert Contributor

I was able to resolve this by adding RULE:[1:$1@$0](.*@CHRSV.COM)s/@.*// in hadoop.seucirty.auth.local in hdfs

2 REPLIES 2

Re: centrify express user principal

Expert Contributor

I was able to resolve this by adding RULE:[1:$1@$0](.*@CHRSV.COM)s/@.*// in hadoop.seucirty.auth.local in hdfs

Re: centrify express user principal

This should have been automatically created for you if you entered CHRSV@COM in the "Additional Realms" box on the Configure Identities in the Enable Kerberos Wizard.

Assuming that you didn't do this, how was the krb5.conf file set up to acknowledge the trusted realm?

Don't have an account?
Coming from Hortonworks? Activate your account here