Mingjiang Shi created OOZIE-1726:
------------------------------------
Summary: Oozie does not support _HOST when configuring kerberos
security
Key: OOZIE-1726
URL: https://issues.apache.org/jira/browse/OOZIE-1726
Project: Oozie
Issue Type: Improvement
Components: core
Affects Versions: 4.0.0
Reporter: Mingjiang Shi
When configuring kerberos security for Oozie, the
oozie.service.HadoopAccessorService.kerberos.principal property and
oozie.authentication.kerberos.principal need to be configured. However, both
of which don't support _HOST substitution, i.e. if it is configured as
oozie/_h...@example.com, the _HOST shall be replaced with the FQDN of the host.
This feature is supported by hdfs and yarn, so it would be great if oozie
support it as well.
Below is from the oozie log:
======================
2014-02-17 08:28:53,199 FATAL Services:533 - USER[-] GROUP[-] E0100: Could not
initialize service [org.apache.oozie.service.HadoopAccessorService], Login
failure for oozie/_h...@example.com from keytab
/etc/security/keytab/oozie.service.keytab
org.apache.oozie.service.ServiceException: E0100: Could not initialize service
[org.apache.oozie.service.HadoopAccessorService], Login failure for
oozie/_h...@example.com from keytab /etc/security/keytab/oozie.service.keytab
======================
--
This message was sent by Atlassian JIRA
(v6.2#6252)
