Additional Ranger Plugin Steps for Kerberos: Knox

How to enable the Ranger Knox plugin on a Kerberos cluster.

1. Create the system (OS) user rangerknoxlookup. Make sure this user is synced to Ranger Admin (under Settings>Users/Groups tab in the Ranger Admin UI).
2. Create a Kerberos principal for rangerknoxlookup: kadmin.local -q 'addprinc -pw rangerknoxlookup rangerknoxlookup@example.com.
3. Navigate to the Knox service.
4. Click the Config tab and navigate to advanced ranger-knox-plugin-properties.
5. Update the following properties with the values listed in the table below.

   Table 1. Knox Plugin Properties

   Configuration Property Name	Value
   Ranger service config user	rangerknoxlookup@example.com
   Ranger service config password	rangerknoxlookup
   common.name.for.certificate	blank

6. After updating these properties, click Save and then restart the Knox service.
7. Open the Ranger Admin UI by entering the following information:
   • http://ranger-host>:6080
   • username/password - admin/admin. or use username as shown in advanced ranger-env under the Config tab of the Ranger service, and password as shown in Admin Settings.
8. After you have successfully logged into the system, you will be redirected to the Access Manager page.
9. Click the repository (clusterName_hadoop) Edit option under the HDFS box.
10. Update the following properties listed in the table below under the Config Properties section:

    Table 2. Knox Configuration Properties

    Configuration Property Name	Value
    fs.default.name	hdfs
    hadoop.rpc.protection	blank
    common.name.for.certificate	blank

11. Click Named Test Connection. You should see a Connected Successfully dialog box appears.
12. Click Save.