Step 6: Get or create a Kerberos principal for each user account
How to create a Kerberos principal for a user account.
Now that Kerberos is configured and enabled on your cluster, you and every other Hadoop user must have a Kerberos principal or keytab to obtain Kerberos credentials to be allowed to access the cluster and use the Hadoop services. In the next step of this procedure, you will need to create your own Kerberos principals to verify that Kerberos security is working on your cluster. If you and the other Hadoop users already have a Kerberos principal or keytab, or if your Kerberos administrator can provide them, you can skip ahead to the next step.
If you are using Active Directory
If you are using MIT KDC
kadminshell, use the following command to create user principals by replacing
YOUR-LOCAL-REALM.COMwith the name of your realm, and replacing
USERNAMEwith a username:
kadmin: addprinc USERNAME@YOUR-LOCAL-REALM.COM
- Enter and re-enter a password when prompted.