3.1. Creating Kerberos Principals

Step 1: As root user, start the kadmin tool on the KDC server.

/usr/krb5/sbin/kadmin.local
kadmin.local:

Step 2: Create the principal for all services in your Hadoop cluster.

kadmin: addprinc -randkey $principal_name/$fully.qualified.domain.name@$YOUR-REALM.COM

where the $principal_name must use following mandatory naming conventions:

Table 5.15. Secure deployment - Mandatory naming conventions for principals
Service Name Principal Name (mandatory naming convention)
NameNode nn and HTTP
Secondary NameNode nn, HTTP
JobTracker jt
TaskTracker tt
DataNode dn

HBase Master

hm

HBase RegionServer

rs
Hive Metastore hive
Oozie oozie
Oozie HTTP
WebHCat HTTP

For example, to create NameNode principals, from the shell try:

kadmin: addprinc -randkey nn/NAMENODE@EXAMPLE.COM
kadmin: addprinc -randkey HTTP/NAMENODE@EXAMPLE.COM 
                

Step 3: Follow the instructions for Step - 2 above to create keytab files according to the following mandatory naming conventions:

Table 5.16. Secure deployment - Mandatory naming conventions for principals
User Name Principal Name (mandatory naming convention)
HDFS User hdfs
Smoke Test User Value specified for smoke_test_user property in master-install-location/gsInstaller/gsInstaller.properties file.


loading table of contents...