Cloudera Community
ebomarsi
user rank
New Contributor

Re: Cloudera Manager: enabling kerberos security w...

by New Contributor in Support Questions
‎07-19-2016 03:07 PM
‎07-19-2016 03:07 PM
The Keytab Retrieval Script method can be used to integrate with IPA since there is no support for direct-to-IPA keytab management. See the following documentation for information: http://www.cloudera.com/documentation/enterprise/latest/topics/sg_keytab_retrieval_script.html ... View more

Cloudera Manager: enabling kerberos security with ...

by New Contributor in Support Questions
‎07-01-2016 07:40 AM
‎07-01-2016 07:40 AM
I am trying to turn on kerberos security on my Cloudera cluster using Cloudera Manager (CM). I have an existing Kerberos KDC in my network as part of an integrated Free IPA server. I am able to create a cloudera-scm user with admin privs on the CM node, installed the keytab file, and authenticate to the CM. However, I see that when CM tries to create a principal for other Hadoop services, it fails. I found a similar issue posted with IPA and Ambari. It seems Free IPA does not permit applications to directly access the kadmin tool. Instead the service exposes an equivalent set of ipa commands. (reference: https://www.redhat.com/archives/freeipa-users/2015-April/msg00560.html ) Looking at the CM logs, it appears to be the same issue where CM is failing on a kadmin command trying to create a prinicpal for the HDFS user. Is it possible to modify the CM kerberos interface to use the equivalent ipa commands? ... View more
Contact Me
Online
Offline
Last Visited
‎01-10-2017 06:25 PM
Community Statistics
Member Since ‎06-30-2016 03:22 PM
Last Visited ‎01-10-2017 06:25 PM
Posts 3