[
https://issues.apache.org/jira/browse/OOZIE-1726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13919640#comment-13919640
]
Bowen Zhang commented on OOZIE-1726:
------------------------------------
I am actually working on a fix for this one.
> Oozie does not support _HOST when configuring kerberos security
> ---------------------------------------------------------------
>
> Key: OOZIE-1726
> URL: https://issues.apache.org/jira/browse/OOZIE-1726
> Project: Oozie
> Issue Type: Improvement
> Components: core
> Affects Versions: 4.0.0
> Reporter: Mingjiang Shi
> Assignee: Bowen Zhang
>
> When configuring kerberos security for Oozie, the
> oozie.service.HadoopAccessorService.kerberos.principal property and
> oozie.authentication.kerberos.principal need to be configured. However, both
> of which don't support _HOST substitution, i.e. if it is configured as
> oozie/_h...@example.com, the _HOST shall be replaced with the FQDN of the
> host. This feature is supported by hdfs and yarn, so it would be great if
> oozie support it as well.
> Below is from the oozie log:
> ======================
> 2014-02-17 08:28:53,199 FATAL Services:533 - USER[-] GROUP[-] E0100: Could
> not initialize service [org.apache.oozie.service.HadoopAccessorService],
> Login failure for oozie/_h...@example.com from keytab
> /etc/security/keytab/oozie.service.keytab
> org.apache.oozie.service.ServiceException: E0100: Could not initialize
> service [org.apache.oozie.service.HadoopAccessorService], Login failure for
> oozie/_h...@example.com from keytab /etc/security/keytab/oozie.service.keytab
> ======================
--
This message was sent by Atlassian JIRA
(v6.2#6252)
