Le 12 déc. 2014 à 03:13, Vinod Kumar Vavilapalli vino...@hortonworks.com a
écrit :
Auth to local mappings
- nn/nn-h...@cluster.com - hdfs
- dn/.*@cluster.com - hdfs
The combination of the above lets you block any other user other than hdfs
from faking like a datanode.
Purposes
-
Le 10 déc. 2014 à 20:08, Vinod Kumar Vavilapalli vino...@hortonworks.com a
écrit :
You don't need patterns for host-names, did you see the support for _HOST in
the principle names? You can specify the datanode principle to be say
datanodeUser@_HOST@realm, and Hadoop libraries interpret and
I may be mistaken, but let me try again with an example to see if we are on the
same page
Principals
- NameNode: nn/nn-h...@cluster.com
- DataNode: dn/_h...@cluster.com
Auth to local mappings
- nn/nn-h...@cluster.com - hdfs
- dn/.*@cluster.com - hdfs
The combination of the above lets you
Hello,
how would you guys go about adding additional nodes to a Hadoop cluster running
with Kerberos, preferably without restarting the
namenode/resourcemanager/hbase-master etc?
I am aware that one can add names to dfs.hosts and run dfsadmin -refreshNodes,
but with Kerberos I have the
I am aware that one can add names to dfs.hosts and run dfsadmin
-refreshNodes, but with Kerberos I have the additional problem that the new
hosts' principals have to be added to hadoop.security.auth_to_local (I do not
have the luxury of an easy albeit secure pattern for host names). Alas,