Now that Kerberos is configured and enabled on your cluster, you and every other Hadoop user must have a Kerberos principal or keytab to obtain Kerberos credentials to be allowed to access the cluster and use the Hadoop services. In the next step of this procedure, you will need to create your own Kerberos principals in order to verify that Kerberos security is working on your cluster. If you and the other Hadoop users already have a Kerberos principal or keytab, or if your Kerberos administrator can provide them, you can skip to Step 16: Prepare the Cluster for Each User.

The following instructions explain to create a Kerberos principal for a user account.

To create a Kerberos principal for a user account:

1. In the kadmin.local or kadmin shell, use the following command to create a principal for your account by replacing YOUR-LOCAL-REALM.COM with the name of your realm, and replacing USERNAME with a username:

   kadmin:  addprinc USERNAME@YOUR-LOCAL-REALM.COM

2. When prompted, enter a password twice.