Open michalklempa opened 8 years ago
Should i create principals for each hadoop system user?
hive@KLEMPA.CDH.SEB
hdfs@KLEMPA.CDH.SEB (this one i have already created to be able to access hdfs)
yarn@KLEMPA.CDH.SEB
impala@KLEMPA.CDH.SEB
hbase@KLEMPA.CDH.SEB
...
You don't need to. The only one I ever typically create is hdfs and maybe hive. The individual services will be running with their automatically generated service principals so these are just for your use and convenience. The hdfs account is useful for general administration and hive can be useful depending on how you choose to set up Sentry. I don't typically create the other ones unless I need them for some reason.
Why I have to retype ferdinand and password into beeline while logging in, eve though I have kinit-ed as ferdinand before running beeline?
This is a tricky detail with beeline. It requires a username and password to be specified, even when authenticating with Kerberos. But it doesn't actually use the username and password, so you can specify anything (like a:b) and it will work (or not) based on your Kerberos authentication, not whatever you specify to beeline.
.