Hi, I have a Kerberos-ed Hadoop cluster that has Ranger HDFS plugin enabled and Ranger Admin is working fine with it. My question is: do I need to add "ranger" as kerberos principle and unix user in this Kerberos-ed Hadoop cluster or anywhere else?
Would appreciate it if there are any recommended readings on the mechanism/ architecture diagram how Ranger admin <> Ranger plugin <> Hadoop (HDFS specifically) <> KDC works with each other. My current understanding is that we don't need to... The only place I saw ranger-admin principle is in the below doc for scenario when we want to install Ranger in Kerberos-ed environment. https://cwiki.apache.org/confluence/display/RANGER/Ranger+installation+in+Kerberized++Environment#RangerinstallationinKerberizedEnvironment-Summary But my understanding is that if Ranger Admin is not in Kerberos-ed environment but only Ranger plugin is (plugin is on a Kerberos-ed Hadoop cluster where HDFS namenode is), then we don't need to add ranger as unix user or create principle/ keytab for it. Would appreciate any advice on the question. Thanks, Jessie
