Hi all, I'm trying to secure our HDP cluster with kerberos but i cannot acces fileview/hiveview anymore after that.
Step done : I dit a fresh install of ambari and deploy the HDP cluster. I join all the hosts (including ambari) to our IPA real'm. Enable expiremental IPA feature Change the krb5.conf to use file system to store kerberos cache Started the Kerberos wizard and go to the end. No error reported during the wizzard and all components has been successfully restarted. Now if use the view, i always the the error : Failed to transition to *undefined* (details) <http://ambari.office.data-essential.com:8080/views/FILES/1.0.0/test/#/messages/1> : *Server status:* 500 org.apache.hadoop.security.AccessControlException: Authentication required at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.validateResponse(WebHdfsFileSystem.java:460) After digging, some user are telling to : Create a new view and change the WebHDFS Authorization to use kerberos and the principal of the ambari server. (the documentation say this is no longer needed but i still tried it as it was not working at first) auth=KERBEROS;proxyuser=<ambari-server-user-principal>@REALM or without @REALM They also ask to check the core-site settings and make sure the principal proxy user is well defined. The kerberization process did as expected, both options are there : 1. hadoop.proxyuser.<ambari-server-user-principal>.groups=* 1. hadoop.proxyuser.<ambari-server-user-princiapl>.hosts=* Another said also to set both option for the user running the ambari process, i also tried. I cannot find any other suggestions, any advice on how can i troubleshoot this issue ? Thank you, Davy
