Kerberos connectivity test
As part of Test Connectivity, Cloudera Manager tests for properly configured Kerberos authentication on the source and destination clusters that run the replication. Test Connectivity runs automatically when you add a peer for replication, or you can manually initiate Test Connectivity from the Actions menu.
This feature is available when the source and destination clusters run Cloudera Manager
5.12 or later. You can disable the Kerberos connectivity test by setting
feature_flag_test_kerberos_connectivity
to false
with
the Cloudera Manager API: api/<version>/cm/config
.
If the test detects any issues with the Kerberos configuration, Cloudera Manager provides resolution steps based on whether Cloudera Manager manages the Kerberos configuration file.
- Whether both clusters have Kerberos enabled or not.
- Replication is supported from unsecure cluster to secure cluster starting Cloudera Manager 6.1 and later.
- Replication is not supported if the source cluster uses Kerberos and target cluster is unsecure.
- Whether both clusters are in the same Kerberos realm. Clusters in the same realm must share the same KDC or the KDCs must be in a unified realm.
- Whether clusters are in different Kerberos realms. If the clusters
are in different realms, the destination cluster must be configured
according to the following criteria:
- Destination HDFS services must have the correct Trusted Kerberos Realms setting.
- The
krb5.conf
file has the correctdomain_realm
mapping on all the hosts. - The
krb5.conf
file has the correctrealms
information on all the hosts.
- Whether the local and peer KDC are running on an available port. This port must be open for all hosts in the cluster. The default port is 88.
Kerberos Recommendations
If Cloudera Manager manages the Kerberos configuration file, Cloudera Manager configures Kerberos correctly for you and then provides the set of commands that you must manually run to finish configuring the clusters. If Cloudera Manager does not manage the Kerberos configuration file, Cloudera manager provides the manual steps required to correct the issue.