Hadoop Security Guide
Also available as:
PDF
loading table of contents...

HDFS

To enable the Ranger HDFS plugin on a Kerberos-enabled cluster, perform the steps described below.

  1. Create the system (OS) user rangerhdfslookup. Make sure this user is synced to Ranger Admin (under Settings>Users/Groups tab in the Ranger Admin User Interface).

  2. Create a Kerberos principal for rangerhdfslookup by entering the following command:

    • kadmin.local -q 'addprinc -pw rangerhdfslookup rangerhdfslookup@example.com

    [Note]Note

    A single user/principal (e.g., rangerrepouser) can also be created and used across services.

  3. Navigate to the HDFS service.

  4. Click the Config tab.

  5. Navigate to advanced ranger-hdfs-plugin-properties and update the properties listed in the table shown below.

    Table 3.16. HDFS Plugin Properties

    Configuration Property NameValue
    Ranger repository config userrangerhdfslookup@example.com
    Ranger repository config passwordrangerhdfslookup
    common.name.for.certificateblank

  6. After updating these properties, click Save and restart the HDFS service.