Member since 11-01-2018 | 6 Posts | 0 Kudos Received | 0 Solutions
12-21-2018 12:32 AM
@Geoffrey Shelton Okot Thanks. What is the recommended method for syncing users and groups to the edge node? Can I use PAM/LDAP on these nodes to keep it all tied together? Or do I still need to manually manage user accounts on the cmdline?
12-20-2018 12:23 AM
Hi, I have an HDP cluster running with AD authentication for Ranger and Zeppelin. I noticed that in order for Hive to be accessible for a given AD user or group which has been allowed by a Ranger ACL, that username/group must exist on the Hive server (e.g. useradd some-ad-user -G some-ad-group). A similar behavior happens with HDFS access. I can make the Ranger ACL stick by specifying it by username, but not group, without requiring a user to be set up on the name node. The necessity of this of course seems sensible enough. However, I'm not uncertain as to the proper means to manage user accounts for each Linux machine. Do I need to mirror every AD account/group on every cluster node, a subset of service nodes, or is there a third option which is correct? It seems to defeat the purpose for me to use Active Directory if I must manage users/groups across the entire cluster anyway. I thought perhaps Knox is the solution for this, which I'm in the middle of configuring, but I thought I'd ask the question in case the pursuit is fruitless. Thank you.
Labels: Apache Ranger, Apache Zeppelin