Uploading and unlocking your keytab in SSB
After setting Kerberos or Knox authentication for SSB, you need to unlock the user specific keytabs on the Streaming SQL Console by providing your keytab passowrd or uploading the keytab file.
- Before unlocking the keytab, you need to authenticate your username.
Navigate to the Streaming SQL Console.
The Streaming SQL Console opens in a new window.
- Go to your cluster in Cloudera Manager.
- Select SQL Stream Builder from the list of services.
- Click SQLStreamBuilder Console.
- Click your username at the right top corner of the Streaming SQL Console.
Click Manage keytab.
You are redirected to the Keytab Manager page.You can either unlock the keytab already existing on the cluster, or you can directly upload your keytab file in the SQL Stream Builder.
- Provide your password to the Keytab Password field to unlock your keytab.
- Click Unlock Keytab.
- Click Choose file to upload your keytab file.
- Search and select your keytab file.
- Click Upload Keytab.
Click Unlock Keytab.
In case there is an error when unlocking your keytab, you can get more information about the issue with the following steps:
- Manually upload your keytab to the Streaming Analytics
scp <location>/<your_keytab_file> <workload_username>@<manager_node_FQDN>:. Password:<your_workload_password>
- Access the manager node of your Streaming Analytics
ssh <workload_username>@<manager_node_FQDN> Password: <workload_password>
kinitcommand to authenticate your user:
kinit -kt <keytab_filename>.keytab <workload_username>
- Use the
flink-yarn-sessioncommand to see if the authentication works properly:
flink-yarn-session -d \ -D security.kerberos.login.keytab=<keytab_filename>.keytab \ -D security.kerberos.login.principal=<workload_username>
- Manually upload your keytab to the Streaming Analytics cluster: