About farbman

farbman · ‎12-21-2017

@Geoffrey Shelton Okot Is there anyway to test the encryption on the ports? I'd like to have some documented results as opposed to just trusting the settings. I think I have set everything correctly.

farbman · ‎12-20-2017

Is there a way to verify RPC encryption in a kerberized cluster for HDFS and YARN ports? Running openssl gives me a "connection reset by peer message" and I suspect this might be because of kerberos authentication.

farbman · ‎12-06-2017

Is it possible to encrypt all communication from/to Zookeeper? I haven't seen any HDP documentation.

farbman · ‎11-08-2017

Hi Aditya, Thanks for the response. Unfortunately I am having the same issues, even with the accumulo principal. Code and output is below. klist -kt /etc/security/keytabs/accumulo.headless.keytab Keytab name: FILE:/etc/security/keytabs/accumulo.headless.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 1 10/02/17 14:31:46 accumulo-sandbox@EXAMPLE.COM 1 10/02/17 14:31:46 accumulo-sandbox@EXAMPLE.COM 1 10/02/17 14:31:46 accumulo-sandbox@EXAMPLE.COM 1 10/02/17 14:31:46 accumulo-sandbox@EXAMPLE.COM 1 10/02/17 14:31:46 accumulo-sandbox@EXAMPLE.COM kinit -kt /etc/security/keytabs/accumulo.headless.keytab accumulo-sandbox@EXAMPLE.COM accumulo shell > whoami accumulo-sandbox@EXAMPLE.COM > grant System.CREATE_TABLE -s -u me@EXAMPLE.COM 2017-11-08 11:47:52,874 [shell.Shell] ERROR: org.apache.accumulo.core.client.AccumuloSecurityException: Error PERMISSION_DENIED for user accumulo-sandbox@EXAMPLE.COM - User does not have permission to perform this action > userpermissions Namespace permissions (accumulo): Namespace.READ Table permissions (accumulo.metadata): Table.READ Table permissions (accumulo.replication): Table.READ Table permissions (accumulo.root): Table.READ Do you have any other suggestions? Thanks! Jay

farbman · ‎11-08-2017

I've had trouble granting administrator permissions for Accumulo to a kerberos user on the HDP 2.6.1 VirtualBox sandbox. I stop all Accumulo services from Ambari and run the following command. $ sudo -u accumulo ACCUMULO_CONF_DIR=/etc/accumulo/conf/server accumulo init --reset-security -u me@EXAMPLE.COM I enter the passwords as blank since it's a kerberized cluster. The command outputs: 2017-11-07 09:46:26,012 [conf.AccumuloConfiguration] INFO : Loaded class : org.apache.accumulo.server.security.handler.KerberosAuthorizor 2017-11-07 09:46:26,023 [conf.AccumuloConfiguration] INFO : Loaded class : org.apache.accumulo.server.security.handler.KerberosAuthenticator 2017-11-07 09:46:26,031 [conf.AccumuloConfiguration] INFO : Loaded class : org.apache.accumulo.server.security.handler.KerberosPermissionHandler 2017-11-07 09:46:26,281 [handler.KerberosAuthenticator] INFO : Removed /accumulo/0c13d53b-b043-4887-a839-a6ee9749f919/users/ from zookeeper I start all Accumulo services from Ambari. I kinit with me@EXAMPLE.COM successfully. I run: $ accumulo shell me@EXAMPLE.COM@hdp-accumulo-instance> whoami #returns the correct user me@EXAMPLE.COM@hdp-accumulo-instance> userpermissions # shows that I only have read permissions on the following tables: Namespace permissions (accumulo): Namespace.READ Table permissions (accumulo.metadata): Table.READ Table permissions (accumulo.replication): Table.READ Table permissions (accumulo.root): Table.READ I am unable to perform any non-read actions on any tables with these permissions. me@EXAMPLE.COM@hdp-accumulo-instance> createtable test 2017-11-07 10:02:09,065 [shell.Shell] ERROR: org.apache.accumulo.core.client.AccumuloSecurityException: Error PERMISSION_DENIED for user me@EXAMPLE.COM on table test(?) - User does not have permission to perform this action me@EXAMPLE.COM@hdp-accumulo-instance> grant System.CREATE_TABLE -s -u me@EXAMPLE.COM 2017-11-07 10:05:17,661 [shell.Shell] ERROR: org.apache.accumulo.core.client.AccumuloSecurityException: Error PERMISSION_DENIED for user me@EXAMPLE.COM - User does not have permission to perform this action Appreciate any help!

Online	Offline
Last Visited	‎05-26-2021 03:33 AM

Date Registered	‎11-07-2017 07:04 PM
Last Visited	‎05-26-2021 03:33 AM
Total Messages Posted	7

Re: Verify Hadoop Encryption

Verify Hadoop Encryption

Zookeeper Encrypt Communication

Re: Accumulo Kerberos Admin Account Not Granted Ad...

Accumulo Kerberos Admin Account Not Granted Admin ...