Configuring custom Kerberos principal for Oozie

The Kerberos principal for Ozone is configured by default to use the same service principal as the default process user. However, you can change the default setting by providing a custom principal in Cloudera Manager.

In Cloudera Manager, click Clusters > Oozie.
Go to the Configuration tab.
Search for the Kerberos Principal by entering "kerberos" in the search field.
For Kerberos Principal, enter your custom principal value.
Click Save Changes.
Click Actions and select Restart to restart the service.

Setting proxy configurations in the oozie-site.xml file

If the Kerberos principal name is customized for a Knox service having a default service user name, perform the following procedure to set the proxy configurations in the oozie-site.xml file:

In Cloudera Manager, click Clusters > Oozie.
Go to the Configuration tab.
Search for Oozie-site.
For Oozie Server Advanced Configuration Snippet (Safety Valve) for oozie-site.xml, set the following proxy configurations:
- ```
oozie.service.ProxyUserService.proxyuser.<knox_principal_name>.groups = <list of allowed groups>
```
- ```
oozie.service.ProxyUserService.proxyuser.<knox_principal_name>.hosts = <list of allowed hosts>
```
where <knox_principal_name> is the value of the Kerberos Principal in the Knox service. Select Clusters > Knox > Configuration and search for Kerberos Principal to display this value.
Click Save Changes.
Click Actions and select Restart to restart the service.