Cloudera Community
atuan5237
user rank
New Contributor

Re: HDFS with kerberos authorization access test

by New Contributor in Support Questions
‎10-25-2017 11:26 AM
‎10-25-2017 11:26 AM
Dear Jay, Oh!! Thank you very much. I think I should enter the limited user, so I just entered "auth=KERBEROS;proxyuser=ambari1" or "auth=KERBEROS;proxyuser=ambari1@example.com" into the field. It shows the error message: Invalid value: "ambari1@example.com" does not belong to the domain ^[A-Za-z_][A-Za-z0-9._-]*[$]?$ Then I wahched your answer again, and check config file "/etc/ambari-server/conf/krb5JAASLogin.conf" . After I changed the right principal name "auth=KERBEROS;proxyuser=ambari-server-c1" . It's work now !!!! Thank you very much !!! 🙂 ... View more

HDFS with kerberos authorization access test

by New Contributor in Support Questions
‎10-24-2017 11:15 AM
‎10-24-2017 11:15 AM
Hi Guys, Question: If I want to test the LDAP users with kerberos authorization to access the HDFS, how could I do this? Version: My Ambar server Version is 2.5.0.3、HDP 2.6.0.3-8 Descriptions: I already set up the Ambari server and enable Kerberos and LDAP. Now I want to test authorization on the HDFS view. I create Instance from "Manage Ambari" => "Views" => "FILES" => Create Instance and set some permissions . I set up the setting "WebHDFS authorization" = auth=KERBEROS;* and set an LDAP user ID. But when I change the User ID to log in Ambari server, it can't be used Service checks completed. Error message: Failed to transition to undefined Usernames not matched: name=root != expected=ambari-server-c1 PS. Before testing, I used kinit created the user's keytab and put it on /etc/security/keytabs/ file, and Verify the keytab it didn't show any error message. ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎04-19-2018 01:03 AM
Community Statistics
Member Since ‎10-24-2017 10:27 AM
Last Visited ‎04-19-2018 01:03 AM
Posts 3