Re: Datanode does not need hdfs.headless.keytab ?

2018-04-05 Thread Di Li
Great! Thanks Rob! I will try it out today and reach out if I hit issues. Thank you for your help.

Di

On Wed, Apr 4, 2018 at 4:15 PM, Robert Levas wrote:
> If you would like the HDFS keytab file installed on the same host as your component, you can add a reference

Re: Datanode does not need hdfs.headless.keytab ?

2018-04-04 Thread Robert Levas
If you would like the HDFS keytab file installed on the same host as your component, you can add a reference to that Kerberos identity in your Kerberos.json file. Ideally this reference would be added to the "identities" section for the specific component. The declaration would look something

Re: Datanode does not need hdfs.headless.keytab ?

2018-04-04 Thread Di Li
Hi Rob, Thanks for the explanation. I don't have issues with DN per se. My case falls into the "*since then some services need to create directories and change permissions on them as the HDFS root user upon installation*" category that you mentioned. I paired my service with DN assuming

Re: Datanode does not need hdfs.headless.keytab ?

2018-04-04 Thread Robert Levas
The DN does not need to authenticate as the "root" HDFS user to perform administrative tasks. A while back, we started an initiative to reduce the exposure of the HDFS "root" user due to security concerns. In doing so, we tightened up where we distribute the HDFS keytab file. However, since