To pull data from the insecure cluster to the secure cluster, connect to the secure cluster and run the below: kinit as your user of choice. klist to confirm hdfs dfs -D ipc.client.fallback-to-simple-auth-allowed=true -ls hdfs://<insecure cluster>/ hadoop distcp -D ipc.client.fallback-to-simple-auth-allowed=true hdfs://<insecure cluster>/path/to/source destination Note the space after the -D parameter. I prefer this way rather than modifying the global HDFS configuration to allow simple auth. If not using HA on the insecure cluster you can use the insecure cluster's active namenode address and port for <insecure cluster>. Otherwise if using HA, you can use the nameservice for the insecure cluster as the value for <insecure cluster>, but only if the secure cluster HDFS has already been configured to know about the insecure cluster nameservice. Let me know if you need help with that also. ... View more

@rakesh kumar Kerberos is for authentication purpose while doAs is for authorization. When doAs is set to true, the queries against Metastore and jobs executed on HADOOP cluster run as the end user as opposed to user "hive". For example, the HDFS permission checks during job executions will be against the end user. ... View more

granting insert/delete privileges on a database for a User will let the User have similar privilege on all tables under the database. User can perform DML and DDL actions in that database. ... View more

What will be the steps if the cluster has 2 namenodes (active and standby) with 3 journal nodes? ... View more