Open ssandona opened 1 year ago
@ssandona @varunrao Just trying this out (and CF stack deployment went through perfectly fine..) so maybe a very dumb question, but is trino-cli usable as any user?
(From EMR Primary)
# klist
klist: No credentials cache found (filename: /tmp/krb5cc_0)
I was trying stuff out from here, but didn't help https://github.com/aws-samples/aws-emr-apache-ranger/blob/e75f25dcde5b40a71717a9ca948df88acebf08bf/aws_emr_blog_v3/scripts/emr-steps/presto-cli-kerberos_fix.sh
Hue UI is complaining of "LDAP server Error: Can't contact LDAP server" even though the LDAP server seems perfectly healthy.
I just need to get to trino somehow, to create some tables..
@ssandona @varunrao Just trying this out (and CF stack deployment went through perfectly fine..) so maybe a very dumb question, but is trino-cli usable as any user?
(From EMR Primary)
# klist klist: No credentials cache found (filename: /tmp/krb5cc_0)
I was trying stuff out from here, but didn't help https://github.com/aws-samples/aws-emr-apache-ranger/blob/e75f25dcde5b40a71717a9ca948df88acebf08bf/aws_emr_blog_v3/scripts/emr-steps/presto-cli-kerberos_fix.sh
Hue UI is complaining of "LDAP server Error: Can't contact LDAP server" even though the LDAP server seems perfectly healthy.
I just need to get to trino somehow, to create some tables..
For anybody who faces #1 , this helped:
kinit -kt /etc/trino.keytab trino/$(hostname -f)@EC2.INTERNAL
The current trino kerberos mapping rules are defined as follow
this allows interactions from Hue as the hue kerberos principal
hue/<machine>@<domain>
matches the pattern but does not allow to use the trino-cli with AD users as the related principalusername@<domain>
does not match the pattern.