Secure Grid Mode Configuration
Secure Cluster Mode
Setting | Description |
|---|---|
HDFS Namenode | Full URI to the Namenode, e.g., |
Datameer X Private Folder | Path to the Datameer X user's directory on HDFS |
Job Tracker | Hostname and port of the JobTracker e.g., machine.company.com:8020 |
Datameer X Principal | Fully qualified Kerberos principal for the Datameer X user, e.g., |
Datameer X Principal Keytab Path | Absolute path of the keytab file containing the credentials of the Datameer X user, e.g., |
| Yarn Principal | Fully qualified Kerberos principal for the Namenode service user, user will almost always be
|
HDFS Principal | Fully qualified Kerberos principal for the Namenode service user, user is almost always be
|
Mapred Principal | Fully qualified Kerberos principal for the JobTracker service user, user is almost always be
|
Creating a Kerberos keytab
To create a keytab file for a Kerberos principal, das/machine.company.com@COMPANY.COM, run the ktuil application on a machine with Kerberos client software and access to the Kerberos realm.
ktutil: addent -password -p das/machine.company.com@COMPANY.COM -k 1 -e des3-cbc-sha1 <ENTER PASSWORD> ktutil: wkt das.keytab
This action creates a keytab file das.keytab which can now be used to authenticate the Kerberos principal.
Depending on your Kerberos realm's configured encryption types, the values for the -e argument might change. To find the avaliable encryption types look for the libdefaults section in your Kerberos configuration file, usually /etc/krb5.conf:
[libdefaults]
default_realm = LOCAL.NETWORK
dns_fallback = no
noaddresses = TRUE
default_tgs_enctypes = des3-cbc-sha1
default_tkt_enctypes = des3-cbc-sha1
permitted_enctypes = des3-cbc-sha1