HDFS

To enable the Ranger HDFS plugin on a Kerberos-enabled cluster, perform the steps described below.

Create the system (OS) user rangerhdfslookup. Make sure this user is synced to Ranger Admin (under Settings>Users/Groups tab in the Ranger Admin User Interface).
Create a Kerberos principal for rangerhdfslookup by entering the following command:
- kadmin.local -q 'addprinc -pw rangerhdfslookup rangerhdfslookup@example.com
Note
A single user/principal (e.g., rangerrepouser) can also be created and used across services.
Navigate to the HDFS service.
Click the Config tab.
Navigate to advanced ranger-hdfs-plugin-properties and update the properties listed in the table shown below.

Table 3.19. HDFS Plugin Properties
Configuration Property Name Value
Ranger repository config user rangerhdfslookup@example.com
Ranger repository config password rangerhdfslookup
common.name.for.certificate blank
After updating these properties, click Save and restart the HDFS service.

	Note
	A single user/principal (e.g., rangerrepouser) can also be created and used across services.

Configuration Property Name	Value
Ranger repository config user	rangerhdfslookup@example.com
Ranger repository config password	rangerhdfslookup
common.name.for.certificate	blank