Support Questions

Find answers, ask questions, and share your expertise

{msg":"User 'UserX' not allowed to impersonate ''UserY"}

New Contributor

In a kerberized environment, I am creating a session on Livy with a kerberos ticket of User X and giving proxyUser UserY.

curl -v --negotiate -u : -X POST -H "Content-Type: application/json" -d '{"kind":"spark","proxyUser":"UserY"}' https://server-url:8998/sessions -k

 

The response I get is that

{msg":"User 'UserX' not allowed to impersonate ''UserY"}

 

when I initiate a ticket with UserY and

curl -v --negotiate -u : -X POST -H "Content-Type: application/json" -d '{"kind":"spark","proxyUser":"UserY"}' https://server-url:8998/sessions -k

 

Response I get:

{"id":145,"name":null,"appId":null,"owner":"UserY","state":"starting","kind":"spark","appInfo":{"driverLogUrl":null,"sparkUiUrl":null},"log":["stdout: ","\nstderr: ","\nYARN Diagnostics:.....}

 

1 ACCEPTED SOLUTION

Expert Contributor

Hi @naymar, to grant Livy the ability to impersonate the originating user, add the following property to <HADOOP_HOME>/etc/hadoop/core-site.xml:

<property>
      <name>hadoop.proxyuser.livy.groups</name>
      <value>*</value>
</property>

<property>
      <name>hadoop.proxyuser.livy.hosts</name>
      <value>*</value>
</property>

Ref: https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/configuration-properties/topics/cm_props_cdh7...
https://docs.cloudera.com/HDPDocuments/HDP2/HDP-2.5.3/bk_command-line-installation/content/grant_liv...
 

View solution in original post

2 REPLIES 2

Expert Contributor

Hi @naymar, to grant Livy the ability to impersonate the originating user, add the following property to <HADOOP_HOME>/etc/hadoop/core-site.xml:

<property>
      <name>hadoop.proxyuser.livy.groups</name>
      <value>*</value>
</property>

<property>
      <name>hadoop.proxyuser.livy.hosts</name>
      <value>*</value>
</property>

Ref: https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/configuration-properties/topics/cm_props_cdh7...
https://docs.cloudera.com/HDPDocuments/HDP2/HDP-2.5.3/bk_command-line-installation/content/grant_liv...
 

Community Manager

@naymar, Has the reply helped resolve your issue? If so, can you kindly mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future?   



Regards,

Vidya Sargur,
Community Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.