Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

{msg":"User 'UserX' not allowed to impersonate ''UserY"}

avatar
author-rank naymar
Explorer

Created ‎06-22-2022 02:49 AM

In a kerberized environment, I am creating a session on Livy with a kerberos ticket of User X and giving proxyUser UserY.

curl -v --negotiate -u : -X POST -H "Content-Type: application/json" -d '{"kind":"spark","proxyUser":"UserY"}' https://server-url:8998/sessions -k

 

The response I get is that

{msg":"User 'UserX' not allowed to impersonate ''UserY"}

 

when I initiate a ticket with UserY and

curl -v --negotiate -u : -X POST -H "Content-Type: application/json" -d '{"kind":"spark","proxyUser":"UserY"}' https://server-url:8998/sessions -k

 

Response I get:

{"id":145,"name":null,"appId":null,"owner":"UserY","state":"starting","kind":"spark","appInfo":{"driverLogUrl":null,"sparkUiUrl":null},"log":["stdout: ","\nstderr: ","\nYARN Diagnostics:.....}

 

849 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jagadeesan author-rank
Master Collaborator

Created ‎07-04-2022 04:03 PM

Hi @naymar, to grant Livy the ability to impersonate the originating user, add the following property to <HADOOP_HOME>/etc/hadoop/core-site.xml:

<property>
      <name>hadoop.proxyuser.livy.groups</name>
      <value>*</value>
</property>

<property>
      <name>hadoop.proxyuser.livy.hosts</name>
      <value>*</value>
</property>

Ref: https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/configuration-properties/topics/cm_props_cdh7...
https://docs.cloudera.com/HDPDocuments/HDP2/HDP-2.5.3/bk_command-line-installation/content/grant_liv... 

View solution in original post

789 Views
0 Kudos
2 REPLIES 2

avatar
author-rank jagadeesan author-rank
Master Collaborator

Created ‎07-04-2022 04:03 PM

Hi @naymar, to grant Livy the ability to impersonate the originating user, add the following property to <HADOOP_HOME>/etc/hadoop/core-site.xml:

<property>
      <name>hadoop.proxyuser.livy.groups</name>
      <value>*</value>
</property>

<property>
      <name>hadoop.proxyuser.livy.hosts</name>
      <value>*</value>
</property>

Ref: https://docs.cloudera.com/cdp-private-cloud-base/7.1.7/configuration-properties/topics/cm_props_cdh7...
https://docs.cloudera.com/HDPDocuments/HDP2/HDP-2.5.3/bk_command-line-installation/content/grant_liv... 

790 Views
0 Kudos

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎07-11-2022 11:12 PM

@naymar, Has the reply helped resolve your issue? If so, can you kindly mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future?   


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
759 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner