Configuring custom Kerberos principal for Ozone

The Kerberos principal for Ozone is configured by default to use the same service principal as the default process user. However, you can change the default setting by providing a custom principal in Cloudera Manager.

  1. Go to the Cloudera Manager > Ozone service > Configuration tab.
  2. Search for Kerberos principal.
  3. Enter the custom Kerberos principals for the various Ozone roles.
  4. Click Save Changes.
  5. Restart the Ozone service.
  6. Login to the Cloudera Manager > Ranger service > Ranger Web UI page using administrator credentials.
  7. Edit cm_ozone to add or update the following key-value configuration parameters:
    1. tag.download.auth.users = [***custom_ozone_manager_role_principal***]
    2. policy.download.auth.users = [***custom_ozone_manager_role_principal***]