Step 15: Create the HDFS Superuser Principal
To create home directories for users in Step 16: Prepare the Cluster for Each User, you need access to the HDFS superuser account. (CDH automatically created the HDFS superuser account on each cluster host during CDH installation.) When you enabled Kerberos for the HDFS service in Step 8: Enable Hadoop Security, you lost access to the HDFS superuser account via sudo -u hdfs commands. To regain access to the HDFS superuser account now that Kerberos is enabled, you must create a Kerberos principal whose first component is hdfs:
- In the kadmin.local or kadmin shell, type the following command to create a Kerberos principal called hdfs:
kadmin: addprinc hdfs@YOUR-LOCAL-REALM.COM
Note: This command prompts you to create a password for the hdfs principal. You should use a strong password because having access to this principal provides superuser access to all of the files in HDFS.
- To run commands as the HDFS superuser, you must obtain Kerberos credentials for the hdfs principal. To do so, run the following command and provide the appropriate password when prompted.
$ kinit hdfs@YOUR-LOCAL-REALM.COM
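The following is an added example, not part of the original documentation: a shell check to run after kinit that confirms the active ticket's default principal has hdfs as its first component and belongs to the expected realm. It assumes klist output in the MIT Kerberos format; the function names and the sample klist text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Cloudera documentation). Function names are
# hypothetical; the klist text below is constructed sample output.

# Print the default principal from `klist` output read on stdin.
default_principal() {
    sed -n 's/^Default principal: *//p' | head -n 1
}

# Print the first component: everything before the first "/" or "@".
first_component() {
    printf '%s\n' "${1%%[/@]*}"
}

# Succeed only if the klist output on stdin shows a principal whose first
# component is exactly "hdfs" and whose realm is $1.
is_hdfs_superuser_ticket() {
    realm=$1
    princ=$(default_principal)
    [ -n "$princ" ] || return 1                       # no default principal found
    [ "$(first_component "$princ")" = "hdfs" ] || return 1
    [ "${princ##*@}" = "$realm" ]
}

# Constructed sample of MIT `klist` output after `kinit hdfs@YOUR-LOCAL-REALM.COM`.
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: hdfs@YOUR-LOCAL-REALM.COM

Valid starting       Expires              Service principal
01/01/2024 10:00:00  01/02/2024 10:00:00  krbtgt/YOUR-LOCAL-REALM.COM@YOUR-LOCAL-REALM.COM'

if printf '%s\n' "$SAMPLE_KLIST" | is_hdfs_superuser_ticket YOUR-LOCAL-REALM.COM; then
    echo "ticket is for the HDFS superuser"
else
    echo "ticket is NOT for the HDFS superuser"
fi

# On a cluster host, pipe the real command instead of the sample:
#   klist | is_hdfs_superuser_ticket YOUR-LOCAL-REALM.COM
# and run `kdestroy` when finished so the superuser ticket does not stay cached.
```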