Open michalklempa opened 8 years ago
michalklempa
commented
8 years ago Should i create principals for each hadoop system user?
hive@KLEMPA.CDH.SEB
hdfs@KLEMPA.CDH.SEB (this one i have already created to be able to access hdfs)
yarn@KLEMPA.CDH.SEB
impala@KLEMPA.CDH.SEB
hbase@KLEMPA.CDH.SEB
...
mikeridley
commented
8 years ago You don't need to. The only one I ever typically create is hdfs and maybe hive. The individual services will be running with their automatically generated service principals so these are just for your use and convenience. The hdfs account is useful for general administration and hive can be useful depending on how you choose to set up Sentry. I don't typically create the other ones unless I need them for some reason.
michalklempa
commented
8 years ago Why I have to retype ferdinand and password into beeline while logging in, eve though I have kinit-ed as ferdinand before running beeline?
mikeridley
commented
8 years ago This is a tricky detail with beeline. It requires a username and password to be specified, even when authenticating with Kerberos. But it doesn't actually use the username and password, so you can specify anything (like a:b) and it will work (or not) based on your Kerberos authentication, not whatever you specify to beeline.
.