Versions Compared

Old Version 1

changes.mady.by.user Andres Aguilar

Saved on

compared with

New Version 2

changes.mady.by.user Andres Aguilar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For creating an account on a MIT Kerberos Server, in the kadmin.local or kadmin shell you must run the following command:$k

Code Block
languagebash
themeRDark
$ kadmin
kadmin: addprinc [email protected]

...

Then create a keytab for the aspire user:

Code Block
languagebash
themeRDark
kadmin: xst -k aspire.keytab aspire

...

First destroy any kerberos ticket on the cache:

Code Block
languagebash
themeRDark
$ kdestroy
$ klist
klist: No credentials cache found (filename: /tmp/krb5cc_1000)

And then authenticate using the aspire account and keytab

Code Block
languagebash
themeRDark
$ kinit -kt aspire.keytab aspire
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]

Valid starting       Expires              Service principal
04/27/2018 22:46:14  04/28/2018 22:46:14  krbtgt/[email protected]
        renew until 05/04/2018 22:46:14

...

First if you want to be able to write to HDFS from Aspire, you may want to create a user directory for aspire in HDFS. First make sure you have correctly authenticated with Kerberos using the kinit command from above. Then create the /user/aspire directory by executing the following commands:

Code Block
languagebash
themeRDark
$ hadoop fs -mkdir /user/aspire
$ hadoop fs -chown aspire /user/aspire

If you want Aspire to be able to read from an specific HDFS directory, then make sure the aspire user can read it by looking at the permissions from the directoy:

Code Block
languagebash
themeRDark
$ hadoop fs -ls /doc
Found 1 items
drwxrwxrwx - hdfs supergroup 0 2017-12-06 19:53 /doc/sourceId

...

To test connection with HBase after authenticating with the kinit command, let's open the hbase shell:

Code Block
languagebash
themeRDark
$ hbase shell
2018-04-27 23:06:44,384 INFO [main] Configuration.deprecation: hadoop.native.lib is deprecated. Instead, use io.native.lib.available
HBase Shell; enter 'help<RETURN>' for list of supported commands.
Type "exit<RETURN>" to leave the HBase Shell
Version 1.2.0-cdh5.12.1, rUnknown, Thu Aug 24 09:37:07 PDT 2017

hbase(main):001:0>

And execute the list command to test the aspire user permissions:

Code Block
languagebash
themeRDark
hbase(main):001:0> list

If you find any troubles with HBase permissions for your aspire user check Cloudera HBase Authorization for step by step instructions on how to set the appropiate permissions.

...