Thanks Rakesh.

On Tue, Jun 28, 2016 at 8:28 AM, Rakesh Radhakrishnan <[email protected]> wrote:

> Hi Aneela,
>
> IIUC, Namenode, Datanode is using _HOST pattern in their principal and
> needs to create separate principal for NN and DN if running in different
> machines. I hope the below explanation will help you.
>
> "dfs.namenode.kerberos.principal" is typically set to nn/_HOST@REALM.
> Each Namenode will substitute the _HOST with its own fully qualified
> hostname at startup. The _HOST placeholder allows using the same
> configuration setting on both Active and Standby NameNodes in an HA setup
>
> Similarly "dfs.datanode.kerberos.principal" will set to dn/_HOST@REALM.
> DataNode will substitute _HOST with its own fully qualified hostname at
> startup. The _HOST placeholder allows using the same configuration setting
> on all DataNodes.
>
> Again, if you are using HA setup with QJM,
> "dfs.journalnode.kerberos.principal" will set to jn/_HOST@REALM
>
> >>>>>Do I need to copy all the Kerberos configuration files like kdc.conf
> and krb5.conf etc on every node in default locations?
> Yes, you need to place these in appropriate paths in all the machines.
>
> Regards,
> Rakesh
>
> On Tue, Jun 28, 2016 at 3:15 AM, Aneela Saleem <[email protected]>
> wrote:
>
>> Hi all,
>>
>> I have configured Kerberos for single node cluster successfully. I used
>> this
>> <http://queryio.com/hadoop-big-data-docs/hadoop-big-data-admin-guide/queryio/hadoop-security-setup-kerberos.html#add_admin>
>> documentation
>> for configurations. Now I'm enabling security for multi node cluster and I
>> have some confusions about that. Like
>>
>> How principals would be managed for namenode and data node? Because till
>> now I had only one principal *hdfs/_HOST@platalyticsrealm* used for both
>> namenode as well as for datanode. Do I need to add separate principals for
>> both namenode and datanode having different hostname?
>> For example:
>> if my namenode hostname is *hadoop-master* then there should be
>> principal added *nn/hadoop-master@platalyticsrealm* (with appropriate
>> keytab file)
>> if my datanode hostname is *hadoop-slave* then there should be principal
>> added *dn/hadoop-slave@platalyticsrealm* (with appropriate keytab file)
>>
>> Do I need to copy all the Kerberos configuration files like kdc.conf and
>> krb5.conf etc on every node in default locations?
>>
>> A little guidance would be highly appreciated. Thanks
>>
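
The _HOST substitution described in the quoted reply means the configuration is shared, but the KDC still needs one principal and keytab per host. The following is an added example (not from this thread or from Hadoop's code) that expands the patterns for a host list and prints the matching kadmin commands; the hostnames, realm, keytab directory and keytab naming scheme are constructed assumptions.

```shell
#!/bin/sh
# Added example. Hosts, realm and keytab directory are constructed values.

# expand_principal PATTERN HOSTNAME
# Replace _HOST with the lowercased hostname, as each daemon does with its
# own FQDN at startup (Hadoop lowercases the name it substitutes).
# Patterns without _HOST come back unchanged.
expand_principal() {
    ep_host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$ep_host" in
        *.*) ;;
        *) echo "warning: '$2' is not fully qualified" >&2 ;;
    esac
    printf '%s\n' "$1" | sed "s/_HOST/$ep_host/g"
}

# kadmin_commands PATTERN KEYTAB_DIR HOST...
# Print the kadmin commands that create one principal and one keytab per
# host. The keytab naming scheme is an assumption of this example.
kadmin_commands() {
    kc_pattern=$1; kc_dir=$2; shift 2
    for kc_host in "$@"; do
        kc_princ=$(expand_principal "$kc_pattern" "$kc_host")
        kc_svc=${kc_princ%%/*}          # "nn" from nn/host@REALM
        kc_rest=${kc_princ#*/}
        kc_fqdn=${kc_rest%@*}           # host part, already lowercased
        printf 'addprinc -randkey %s\n' "$kc_princ"
        printf 'ktadd -k %s/%s.%s.keytab %s\n' \
            "$kc_dir" "$kc_svc" "$kc_fqdn" "$kc_princ"
    done
}

# Constructed cluster: two NameNodes (HA), two DataNodes.
REALM=EXAMPLE.COM
KEYTABS=/etc/security/keytabs
kadmin_commands "nn/_HOST@$REALM" "$KEYTABS" nn1.example.com nn2.example.com
kadmin_commands "dn/_HOST@$REALM" "$KEYTABS" dn1.example.com dn2.example.com
```

ktadd generates new random keys, so rerunning it for an existing principal invalidates keytabs exported earlier. The principal a daemon requests must match the name the host resolves for itself, which is why short names trigger the warning.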
