06-21-2016
06:45 PM
I generally recommend letting DNS handle this. The latest versions of the KRB client will default to resolving the KDC from SRV records in the DNS for the realm. This should be configured by default if you use Microsoft Active Directory (or AWS Simple AD). If you want it explicit in your krb5.conf file, you can use DNS round robin with the A/AAAA/CNAME and reference that name in krb5.conf. Further, you could have multiple "kdc" entries for a realm in krb5.conf and a master_kdc entry which is only used when there are certain kinds of issues. You can always manage the krb5.conf from Ambari inside the Kerberos component configs.
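The KDC-location options in the post above can be checked on a host with a short audit of krb5.conf. This is an added example, not part of the original post: the realm and host names in the sample are constructed, and the function names and result labels are hypothetical. It assumes the MIT krb5 behaviour that DNS SRV records are consulted only for realms with no kdc entry listed.

```python
# Constructed sample krb5.conf; realm and host names are placeholders.
SAMPLE = """
[libdefaults]
  dns_lookup_kdc = false
[realms]
  EXAMPLE.COM = {
    kdc = kdc1.example.com
    kdc = kdc2.example.com
    master_kdc = kdc1.example.com
  }
  LAB.EXAMPLE.COM = {
    kdc = kdc.lab.example.com
  }
  CORP.EXAMPLE.COM = {
  }
"""

def parse(text):
    """Return (libdefaults dict, {realm: [(key, value), ...]})."""
    section, realm, libdefaults, realms = None, None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        if line.startswith("["):              # section header such as [realms]
            section, realm = line.strip("[]"), None
        elif line == "}":                     # end of a realm block
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "realms" and value == "{":
                realm, realms[key] = key, []  # start of a realm block
            elif section == "realms" and realm:
                realms[realm].append((key, value))  # repeated kdc keys are kept
            elif section == "libdefaults":
                libdefaults[key] = value
    return libdefaults, realms

def kdc_location(text):
    """Assumes MIT krb5 behaviour: DNS SRV is consulted only when no kdc is listed."""
    libdefaults, realms = parse(text)
    dns_off = libdefaults.get("dns_lookup_kdc", "").lower() in ("false", "no", "0", "off")
    report = {}
    for name, entries in realms.items():
        n = sum(1 for k, _ in entries if k == "kdc")
        if n == 0:                            # nothing listed: DNS or nothing at all
            report[name] = "unresolvable" if dns_off else "DNS SRV"
        else:                                 # one entry is a single point of failure
            report[name] = "single KDC" if n == 1 else "explicit list"
    return report
```

Running `kdc_location` over the real file contents highlights realms that depend on one hard-coded KDC, or on DNS discovery that has been switched off.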
06-20-2016
01:06 PM
@Shishir Saxena In approach a, lack of involvement from enterprise security teams is not a positive thing. When dealing with a large enterprise, security is paramount and we should never be recommending that HDP administrators be permitted to manage authentication systems. Separation of duties is a core security principle and should not be taken lightly.
06-20-2016
01:42 PM
Hi Eric,
Thanks for the answer. Can you please clarify a bit more: do you agree with having the KDC master on a separate server in a production scenario or not? Do you see any issues having a KDC slave in case the master KDC goes down?
Thanks,
Ripunjay
02-02-2016
05:10 PM
@Kevin Vasko has this been resolved? Can you accept the best answer or provide your own solution?
08-21-2017
02:00 AM
2 Kudos
I solved this problem after adding this property to core-site.xml:
<configuration>
  <property>
    <name>hadoop.security.authentication</name>
    <value>kerberos</value>
  </property>
</configuration>
01-04-2016
09:46 PM
@Darpan Patel Darpan, I have one question related to what you did. I am a newbie to Kerberos. I am actually running a similar configuration, where I have AD that holds all principals. Regarding what you have said:
>>After Kerberization I created a user "ambari-user/ambari-Host_name_here@KDCRealm.com
You did this in the AD, right?
>>And also created a key tab, copied on the ambari -server machine
How did you do that? You created the keytab at the ambari-server host? Or created it in AD and somehow you copied the keytab to /etc/security/keytabs of your ambari server host?
12-13-2016
11:57 PM
s3n is deprecated in newer versions of Hadoop (see https://wiki.apache.org/hadoop/AmazonS3), so it's better to use s3a. To use s3a, specify s3a:// in front of the path when accessing files. The following properties need to be configured first:
<property>
  <name>fs.s3a.access.key</name>
  <value>ACCESS-KEY</value>
</property>
<property>
  <name>fs.s3a.secret.key</name>
  <value>SECRET-KEY</value>
</property>
12-17-2015
09:13 PM
The root user's umask is 0027