@@Smart Data If you intend to run a secure Hadop cluster then there is no way you can avoid Kerberos. Below are the difference between knox and kerberos. The Apache Knox Gateway is a system that provides a single point of authentication and access. It provides the following features: Single REST API Access Point Centralized authentication, authorization and auditing for Hadoop REST/HTTP services LDAP/AD Authentication, Service Authorization and Audit Eliminates SSH edge node risks Hides Network Topology LAYERS OF DEFENSE FOR A HADOOP CLUSTER Perimeter Level Security – Network Security, Apache Knox (gateway) Authentication : Kerberos Authorization OS Security : encryption of data in network and HDFS Apache Knox can also access a Hadoop cluster over HTTP or HTTPS CURRENT FEATURES OF APACHE KNOX Authenticate : by LDAP or Cloud SSO Provider Provides services for HDFS, HCat, HBase, Oozie, Hive, YARN, and Storm HTTP access for Hive over JDBC support is available (ODBC driver Support- In Future) Hope that helps to explain. ... View more

@@Smart Data If you intend to run a secure Hadop cluster then there is no way you can avoid Kerberos. Below are the difference between knox and kerberos. The Apache Knox Gateway is a system that provides a single point of authentication and access. It provides the following features: Single REST API Access Point Centralized authentication, authorization and auditing for Hadoop REST/HTTP services LDAP/AD Authentication, Service Authorization and Audit Eliminates SSH edge node risks Hides Network Topology LAYERS OF DEFENSE FOR A HADOOP CLUSTER Perimeter Level Security – Network Security, Apache Knox (gateway) Authentication : Kerberos Authorization OS Security : encryption of data in network and HDFS Apache Knox can also access a Hadoop cluster over HTTP or HTTPS CURRENT FEATURES OF APACHE KNOX Authenticate : by LDAP or Cloud SSO Provider Provides services for HDFS, HCat, HBase, Oozie, Hive, YARN, and Storm HTTP access for Hive over JDBC support is available (ODBC driver Support- In Future) Hope that helps to explain. ... View more

@Ameya Sakhalkar Just run this it should work while logged on as root MySQL,make sure you are connected to the ranger database grant all on rangeradmin.* to ranger; Flush privileges; ... View more

@@Mazin Mohammed Any updates on this issue? ... View more

@Divakar Annapureddy No the expiry date is "renew until 07/31/2017 08:28:49" 07/24/2017 08:28:50 07/24/2017 18:28:50 krbtgt/EXAMPLE.COM@EXAMPLE.COM renew until 07/31/2017 08:28:49 ... View more

@Mazin Mohammed Your kerberos ticket should now expire in 7 days 07/31/2017 08:28:49 can you monitor to see if the nn again goes down? ... View more

@Mazin Mohammed How about the ntp setting across the cluster? Can you run the below commands substituting with the correct values. First run the klit -kt to get the principal for namenode ... # klist -kt /etc/security/keytabs/nn.service.keytab Keytab name: FILE:/etc/security/keytabs/nn.service.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 1 07/18/2017 08:49:43 nn/my_fdqn.com@REALM.COM 1 07/18/2017 08:49:43 nn/my_fdqn.com@REALM.COM 1 07/18/2017 08:49:43 nn/my_fdqn.com@REALM.COM 1 07/18/2017 08:49:43 nn/my_fdqn.com@REALM.COM 1 07/18/2017 08:49:43 nn/my_fdqn.com@REALM.COM # kinit -kt /etc/security/keytabs/nn.service.keytab nn/my_fdqn.com@REALM.COM # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: nn/my_fdqn.com@REALM.COM Valid starting Expires Service principal 07/24/2017 06:30:56 07/25/2017 06:30:56 krbtgt/REALM.COM@REALM.COM ... View more