To enable the Ranger HDFS plugin on a Kerberos-enabled cluster, perform the steps described below.

  1. Create the system (OS) user rangerhdfslookup. Make sure this user is synced to Ranger Admin (under Settings>Users/Groups tab in the Ranger Admin User Interface).

  2. Create a Kerberos principal for rangerhdfslookup by entering the following command:

    • kadmin.local -q 'addprinc -pw rangerhdfslookup


    A single user/principal (e.g., rangerrepouser) can also be created and used across services.

  3. Navigate to the HDFS service.

  4. Click the Config tab.

  5. Navigate to advanced ranger-hdfs-plugin-properties and update the properties listed in the table shown below.

    Table 3.19. HDFS Plugin Properties

    Configuration Property NameValue
    Ranger repository config
    Ranger repository config passwordrangerhdfslookup

  6. After updating these properties, click Save and restart the HDFS service.