Hi Alejandro, Thanks for your replying -- Can you please give me a bit more hint of "configure your nodes to use LDAP as their source of user provisioning." I searched the document of hadoop but saw no clues. I have oozie uid and it is working fine with securely impersonates other users but now I am having all these real unix users on cluster and it is annoying to manage them. The cluster task-controller complains "no such user" if I do not provision the real user id on namenode....what did I miss? I appreciate your input...
Thanks -Jun On Thu, Feb 14, 2013 at 3:34 PM, Alejandro Abdelnur <[email protected]>wrote: > Jun, > > With Kerberos enabled, you need in your Hadoop cluster (all nodes) a unix > id for every user submitting jobs to the cluster (via proxy user -like > Oozie- or directly). > > You can configure your nodes to use LDAP as their source of user > provisioning. > > Thx > > > On Thu, Feb 14, 2013 at 12:29 PM, Jun Yuan-Murray <[email protected]> > wrote: > > > ==Sorry for the spam if this mail has been sent more than once===If > failed > > when I first tired ... ======== > > > > Hello all, > > > > I am using the secure impersonation feature of oozie to enable admin(with > > credentials) run jobs on behalf of proxy > > users(without credentials). I have a naive question ... > > > > For the ease of user account management I would rather keep all these > users > > and their groups somewhere else > > maybe in an active directory instead of on the cluster namenode. Does > > secure impersonation of oozie allow the > > admin to run job on behalf of fake users (not really unix users)? or I > have > > to keep all the unix users? > > > > Thanks very much! > > > > -- > > > > Best, > > > > Jun Yuan-Murray > > > > ------------------------------------------------------------- > > PhD Candidate, CS Dept, SPLAT > > Stony Brook University > > > > > > -- > Alejandro > -- Best, Jun Yuan-Murray ------------------------------------------------------------- PhD Candidate, CS Dept, SPLAT Stony Brook University
