[jira] [Updated] (IGNITE-6747) Use _HOST instead of FDQN when configuring principal for IgfsSecondaryFileSystem with kerberos enable

Reid Chan (JIRA) Wed, 25 Oct 2017 19:33:01 -0700

     [ 
https://issues.apache.org/jira/browse/IGNITE-6747?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Reid Chan updated IGNITE-6747:
------------------------------
    Description: 
So far, igfs can access to kerberized hdfs by providing {{keyTab}} and 
{{keyTabPrincipal}}:
{code}
<property name="keyTab" value="/path/to/keytab"/>
<property name="keyTabPrincipal" 
value="ignite/fully.qualified.domain.name@REALM"/>
{code}
But it becomes nightmare when number of grid nodes is more than hundreds or 
even thousands which is in my case, since i have to configure FDQN for each 
node.
Hadoop's package already provides an easy way which uses "_HOST" instead of 
FDQN, i think it's better to use it:
{code}
<property name="keyTabPrincipal" value="ignite/_HOST@REALM"/>
{code}
and the "_HOST" will be replaced with respective machine's host name.

Suggestions are welcomed.

  was:
So far, igfs can access to kerberized hdfs by providing {{keyTab}} and 
{{keyTabPrincipal}}:
{code}
<property name="keyTab" value="/path/to/keytab"/>
<property name="keyTabPrincipal" 
value="ignite/fully.qualified.domain.name@REALM"/>
{code}
But it becomes nightmare when number of grid nodes is more than hundreds or 
even thousands which is in my case, since i have to configure FDQN for each 
node.
Hadoop's package already provides an easy way which uses "_HOST" instead of 
FDQN, i think it's better to use it.
{code}
<property name="keyTabPrincipal" value="ignite/_HOST@REALM"/>
{code}
and the "_HOST" will be replaced with respective machine's host name.

Suggestions are welcomed.


> Use _HOST instead of FDQN when configuring principal for 
> IgfsSecondaryFileSystem with kerberos enable
> -----------------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-6747
>                 URL: https://issues.apache.org/jira/browse/IGNITE-6747
>             Project: Ignite
>          Issue Type: Improvement
>      Security Level: Public(Viewable by anyone) 
>          Components: hadoop
>    Affects Versions: 2.2
>            Reporter: Reid Chan
>
> So far, igfs can access to kerberized hdfs by providing {{keyTab}} and 
> {{keyTabPrincipal}}:
> {code}
> <property name="keyTab" value="/path/to/keytab"/>
> <property name="keyTabPrincipal" 
> value="ignite/fully.qualified.domain.name@REALM"/>
> {code}
> But it becomes nightmare when number of grid nodes is more than hundreds or 
> even thousands which is in my case, since i have to configure FDQN for each 
> node.
> Hadoop's package already provides an easy way which uses "_HOST" instead of 
> FDQN, i think it's better to use it:
> {code}
> <property name="keyTabPrincipal" value="ignite/_HOST@REALM"/>
> {code}
> and the "_HOST" will be replaced with respective machine's host name.
> Suggestions are welcomed.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (IGNITE-6747) Use _HOST instead of FDQN when configuring principal for IgfsSecondaryFileSystem with kerberos enable

Reply via email to