Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

use of hadoop.security.token.service.use_ip=false with Isilon

avatar
author-rank russ_stevenson
Contributor

Created on ‎06-12-2018 04:33 PM - edited ‎09-16-2022 06:20 AM

Previously it had always recommended adding the following to the core-site.xml to limit hostname and IP exposure when getting Kerberos delegation tokens: hadoop.security.token.service.use_ip=false when using Kerberos with HDP and Isilon.

But in recent deployments, this setting does not appear as critical as previously required if full forward and DNS is implemented correctly. (PTR's on all Isilon Pool IP's).

I'm looking for any field experience on this issue, is this setting still required or needed to avoid delegation token issues?

3,417 Views
1 REPLY 1

avatar
sandeepV2 author-rank
Cloudera Employee

Created ‎06-02-2021 07:25 AM

Specify the following configurations in Cloudera Manager on the Clusters > Isilon Service > Configuration tab:

  • In the Isilon Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml property for the Isilon service, set the value  use_ip property to FALSE.

 

hadoop.security.token.service.use_ip = false

 

For more info click here 

 

 

1,794 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements