Thanks for your suggestion. My property settings did have the second rule defined but not the first.
However, it did not seem to help. I tried setting the rule several other ways but nothing seems to work. I still get the same behavior. Roberta *From:* Robert Levas [mailto:rle...@hortonworks.com] *Sent:* Monday, March 21, 2016 11:21 AM *To:* user@ambari.apache.org *Subject:* Re: Trying to create hbase tables after enabling Kerberos with Ambari Hi Roberta… It seems like you need an auth-to-local run set up to translate trafodion-robertaclus...@trafkdc.com to trafodion. To can do this by editing the hadoop.security.auth_to_local property under HDFS->Configs->Advanced->Advanced core-site. Adding the following rule should do the trick: RULE:[1:$1@$0](.*-robertaclus...@trafkdc.com)s/-robertaCluster@.*// You will need to add this rule to the ruleset before/above less general rules like RULE:[1:$1@$0](.*@TRAFKDC.COM)s/@.*// After adding this rule, save the config and restart the recommended services. I hope this helps, Rob *From: *Roberta Marton <roberta.mar...@esgyn.com> *Reply-To: *"user@ambari.apache.org" <user@ambari.apache.org> *Date: *Monday, March 21, 2016 at 2:08 PM *To: *"user@ambari.apache.org" <user@ambari.apache.org> *Subject: *Trying to create hbase tables after enabling Kerberos with Ambari I am trying to install Kerberos on top of my Hortonworks installation. I have tried this with both versions 2.2 and 2.3 and get similar results. After I enable Kerberos, I create a Linux user called trafodion and grant this user all HBase permissions. I connect as trafodion but get permission errors when I try to create a table. Details: [trafodion@myhost ~]$ whoami trafodion [trafodion@myhost ~]$ klist Ticket cache: FILE:/tmp/krb5cc_503 Default principal: trafodion-robertaclus...@trafkdc.com Valid starting Expires Service principal 03/21/16 16:39:33 03/22/16 16:39:33 krbtgt/trafkdc....@trafkdc.com renew until 03/21/16 16:39:33 hbase shell hbase(main):002:0> whoami trafodion-robertaclus...@trafkdc.com(auth:KERBEROS)OIw 2016-03-21 17:06:22,925 WARN [main] security.UserGroupInformation: No groups available for user trafodion-robertaCluster hbase(main):003:0> user_permission User Table,Family,Qualifier:Permission trafodion hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] ambari-qa hbase:acl,,: [Permission: actions=READ,WRITE,EXEC,CREATE,ADMIN] 2 row(s) in 1.7630 seconds hbase(main):004:0> create 't1', 'f1', 'f2' ERROR: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions for user 'trafodion-robertaCluster' (global, action=CREATE) I am able to perform ‘user_permission’ but not ‘create’ Any suggestion on how to proceed? Roberta
