Hi Jessie,

Good that you have a reference to solve this.

Yes, you need to have auth_to_local configured for the Hadoop component in core-site.xml, so that the Kerberos principals from the components are translated to the users which you maintained in Ranger and the policies in it.

Please revert back if you have any issues.

Thanks,
Ramesh

From: Jessie Kao <gaojingxu....@gmail.com>
Reply-To: "user@ranger.apache.org" <user@ranger.apache.org>
Date: Wednesday, January 2, 2019 at 1:05 PM
To: "user@ranger.apache.org" <user@ranger.apache.org>
Subject: Re: Question: whether and how Ranger user list can be synced with standalone MIT Kerberos principles

Looks like I can do auth_to_local and to Ranger...

Found a similar question: https://stackoverflow.com/questions/42285976/ranger-user-sync-with-kerberos

Will try and follow up if I still need help. Thank you!

On Wed, Jan 2, 2019 at 12:01 PM Jessie Kao <gaojingxu....@gmail.com> wrote:

Hi everyone,

Happy New Year! This might be a dumb question... Really appreciate if someone could help me figure this out.

We have
1) standalone KDC (no AD/LDAP, etc.)
2) Kerberos-ed Hadoop clusters
3) Ranger Admin and Ranger HDFS plugin (configured for Kerberos-ed environment).

My question is: whether and how Ranger user list can be synced with those Kerberos principals & how will this work. Fact is that those Kerberos principals created will not be synced to Ranger user list and users created in Ranger internally will not be a Kerberos principal...

Thank you for your time. Really appreciate it if someone could help.

Best,
Jessie
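
The auth_to_local translation discussed in this thread, as an added example that is not part of the original messages and not Hadoop's or Ranger's own code: a simplified Python model of how rules in the `hadoop.security.auth_to_local` syntax turn a principal into a short user name. The realm EXAMPLE.COM, the principals and the three rules are constructed for illustration.

```python
import re

# Constructed rules for a hypothetical realm EXAMPLE.COM, in the syntax used by
# hadoop.security.auth_to_local in core-site.xml. First matching rule wins.
RULES = r"""
RULE:[2:$1@$0](nn@EXAMPLE\.COM)s/.*/hdfs/
RULE:[1:$1@$0](.*@EXAMPLE\.COM)s/@.*//
DEFAULT
"""

# RULE:[n:format](match-regex)s/pattern/replacement/[g][/L]
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\((.*?)\))?(?:s/(.*?)/(.*?)/(g?))?(/L)?$")


def short_name(principal, rules=RULES, default_realm="EXAMPLE.COM"):
    """Map a Kerberos principal to the short user name (simplified model)."""
    name, _, realm = principal.partition("@")
    parts = name.split("/")            # e.g. ["nn", "host1.example.com"]
    if not realm:
        return parts[0]                # no realm: already a short name
    for rule in rules.split():
        if rule == "DEFAULT":
            # DEFAULT only strips the realm when it is the default realm.
            if realm == default_realm:
                return parts[0]
            continue
        m = RULE_RE.match(rule)
        if m is None:
            raise ValueError(f"unparseable rule: {rule}")
        n, fmt, match, pat, repl, g, lower = m.groups()
        if int(n) != len(parts):       # rule is for another component count
            continue
        # $0 is the realm, $1..$n are the name components.
        fields = [realm] + parts
        base = re.sub(r"\$(\d)", lambda d: fields[int(d.group(1))], fmt)
        if match and not re.fullmatch(match, base):
            continue
        if pat is not None:
            base = re.sub(pat, repl, base, count=0 if g else 1)
        return base.lower() if lower else base
    # No rule applied: there is no short name for this principal.
    raise LookupError(f"no auth_to_local rule applies to {principal}")


if __name__ == "__main__":
    for p in ("alice@EXAMPLE.COM", "nn/host1.example.com@EXAMPLE.COM"):
        print(p, "->", short_name(p))
```

The short names this returns ("alice", "hdfs") are the ones that have to exist as users in Ranger for its policies to apply to requests made under those principals.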