Hi Roberta… It seems like you need an auth-to-local run set up to translate trafodion-robertaclus...@trafkdc.com to trafodion.
To can do this by editing the hadoop.security.auth_to_local property under HDFS->Configs->Advanced->Advanced core-site. Adding the following rule should do the trick: RULE:[1:$1@$0](.*-robertaclus...@trafkdc.com)s/-robertaCluster@.*// You will need to add this rule to the ruleset before/above less general rules like RULE:[1:$1@$0](.*@TRAFKDC.COM)s/@.*// After adding this rule, save the config and restart the recommended services. I hope this helps, Rob From: Roberta Marton <roberta.mar...@esgyn.com<mailto:roberta.mar...@esgyn.com>> Reply-To: "user@ambari.apache.org<mailto:user@ambari.apache.org>" <user@ambari.apache.org<mailto:user@ambari.apache.org>> Date: Monday, March 21, 2016 at 2:08 PM To: "user@ambari.apache.org<mailto:user@ambari.apache.org>" <user@ambari.apache.org<mailto:user@ambari.apache.org>> Subject: Trying to create hbase tables after enabling Kerberos with Ambari I am trying to install Kerberos on top of my Hortonworks installation. I have tried this with both versions 2.2 and 2.3 and get similar results. After I enable Kerberos, I create a Linux user called trafodion and grant this user all HBase permissions. I connect as trafodion but get permission errors when I try to create a table. Details: [trafodion@myhost ~]$ whoami trafodion [trafodion@myhost ~]$ klist Ticket cache: FILE:/tmp/krb5cc_503 Default principal: trafodion-robertaclus...@trafkdc.com<mailto:trafodion-robertaclus...@trafkdc.com> Valid starting Expires Service principal 03/21/16 16:39:33 03/22/16 16:39:33 krbtgt/trafkdc....@trafkdc.com<mailto:krbtgt/trafkdc....@trafkdc.com> renew until 03/21/16 16:39:33 hbase shell hbase(main):002:0> whoami trafodion-robertaclus...@trafkdc.com<mailto:trafodion-robertaclus...@trafkdc.com>(auth:KERBEROS)OIw 2016-03-21 17:06:22,925 WARN [main] security.UserGroupInformation: No groups available for user trafodion-robertaCluster hbase(main):003:0> user_permission User Table,Family,Qualifier:Permission trafodion hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] ambari-qa hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] 2 row(s) in 1.7630 seconds hbase(main):004:0> create 't1', 'f1', 'f2' ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'trafodion-robertaCluster' (global, action=CREATE) I am able to perform ‘user_permission’ but not ‘create’ Any suggestion on how to proceed? Roberta