As part of our implementation, we are utilizing a full "Kerberized" cluster built on the Hortonworks suite. We're using Job Server as the front end to initiate short-run jobs directly from our client-facing product suite.
1) We believe we have configured the job server to start with the appropriate credentials, specifying a principal and keytab. We switch to YARN-CLIENT mode and can see Job Server attempt to connect to the resource manager, and the result is that whatever the principal name is, it "cannot impersonate root." We have been unable to solve this. 2) We are primarily a Windows shop, hence our cluelessness here. That said, we're using the JDBC driver version 4.2 and want to use JavaKerberos authentication to connect to SQL Server. The queries performed by the job are done in the driver, and hence would be running on the Job Server, which we confirmed is running as the principal we have designated. However, when attempting to connect with this option enabled I receive a "Unable to obtain Principal Name for authentication" exception. Reading this: https://msdn.microsoft.com/en-us/library/ms378428.aspx We have Kerberos working on the machine and thus have krb5.conf setup correctly. However the section, " Enabling the Domain Configuration File and the Login Module Configuration File" seems to indicate we've missed a step somewhere. Forgive my ignorance here ... I've been on Windows for 20 years and this is all new to. Thanks for any guidance you can provide.
