Posted to user@hadoop.apache.org by Bear Giles <bg...@snaplogic.com> on 2018/01/25 15:24:29 UTC

Kerberos auth + user impersonation

Hi, kerberos auth question here.

We need to have Kerberos authentication with user impersonation. I know we
had it working on one of our test clusters earlier but nobody can remember
which one or how it was configured. :-(

From my research I have the following items:

1. There are Kerberos users alice@REALM and bob@REALM.

2. 'alice' is in the 'supergroup' group on the HDFS node I access.

3. The server has hadoop.proxyuser.alice.users = * set in core-site.xml.
(see note)

4. I can connect using alice@REALM.

5. When I try to connect using UGI.createProxyUser("bob", alice) I get a
"Client cannot authenticate via:[TOKEN, KERBEROS]" error.

6. I didn't have success with "bob@REALM" earlier but I've changed the
configuration since then so I might have missed something.

Do I need to create an additional principal for alice? Something like
alice/hdfs@REALM? alice/supergroup@REALM?

Is there

(note: We're using CDH and I'm setting this on the 'advanced configuration
snippets' page. I saved the settings and restarted the servers but I'm not
sure that the files are actually being updated. I've also changed the
configuration files manually.)

-- 

Bear Giles

Sr. Java Application Engineer
bgiles@snaplogic.com
Mobile: 720-749-7876


<http://www.snaplogic.com/about-us/jobs>



*SnapLogic Inc | 929 Pearl St #200 | 80303 CO 80302 | USA*

*SnapLogic Inc | 2 W 5th Avenue 4th Floor | San Mateo CA 94402 | USA   *


This message is confidential. It may also be privileged or otherwise
protected by work product immunity or other legal rules. If you have
received it by mistake, please let us know by e-mail reply and delete it
from your system; you may not copy this message or disclose its contents to
anyone. The integrity and security of this message cannot be guaranteed on
the Internet.

Re: Kerberos auth + user impersonation

Posted by Jorge Machado <jo...@me.com>.
Hi Bear, 

I have spent quite some time on this topic. Actually, if you just set HADOOP_PROXY_USER and then use loginUserFromKeytab or loginUserFromSubject, it will create a proxy for you.
Have you set hadoop.proxyuser.<user>.hosts? That is important and could be your error too.

Jorge Machado
www.jmachado.me




Re: Kerberos auth + user impersonation

Posted by Bear Giles <bg...@snaplogic.com>.
The supergroup is 'supergroup'.

The user 'snapuser' is in that group.

I've added hadoop.proxyuser.snapuser.hosts, .groups, and .users to the conf
file. (Via advanced options safety valve for core-site.xml in CDH manager.)
I verified the change is in the deployed configuration.

It works for SIMPLE auth on a different cluster. Before it gave me the
"unable to impersonate" message. But something about Kerberos is tripping
me up.

What's really annoying is that we had it working earlier on a different
cluster and AFAIK everything is configured identically, with the possible
exception of an RPC vs SASL flag buried somewhere on a configuration page.

On Fri, Jan 26, 2018 at 7:59 AM, Jorge Machado <jo...@me.com> wrote:

> Have you added the proxy.***.hosts to hadoop config?
> Check this: https://hadoop.apache.org/docs/r2.8.0/hadoop-project-dist/hadoop-common/Superusers.html
>
> Jorge Machado
> www.jmachado.me

Re: Kerberos auth + user impersonation

Posted by Jorge Machado <jo...@me.com>.
Have you added the proxy.***.hosts to hadoop config?
Check this: https://hadoop.apache.org/docs/r2.8.0/hadoop-project-dist/hadoop-common/Superusers.html

Jorge Machado
www.jmachado.me







Re: Kerberos auth + user impersonation

Posted by Bear Giles <bg...@snaplogic.com>.
Thanks all.

I've made the changes but am still getting an error. Notably it's not a
"user X cannot impersonate Y" error.

  exc: Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
  exc:  at org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:172)
  exc:  at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:396)
  exc:  at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:555)
  exc:  at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:370)
  exc:  at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:724)
  exc:  at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:720)
  exc:  at java.security.AccessController.doPrivileged(Native Method)
  exc:  at javax.security.auth.Subject.doAs(Subject.java:422)
  exc:  at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
  exc:  at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:720)
  exc:  ... 33 more

I don't understand this since the Kerberos user authenticates without a
problem after loading the keytab file. But when I use that UGI in a
UserGroupInformation.createProxyUser() call I get this error.

I seem to recall coming across something on SASL and Kerberos user
impersonation having problems but can't find it now.

Thanks,

Bear


Re: Kerberos auth + user impersonation

Posted by Wei-Chiu Chuang <we...@apache.org>.
Hi Bear,

Try setting proxyuser using the following doc:
https://www.cloudera.com/documentation/enterprise/latest/topics/admin_hdfs_proxy_users.html

A while ago I helped a customer of ours to configure proxy user. If you have
at-rest encryption in the cluster, you'd also need to configure KMS
proxyuser as well.
https://www.cloudera.com/documentation/enterprise/latest/topics/cdh_sg_kms_security.html
It isn't that obvious from CDH documentation nor Apache Hadoop doc.




-- 
A very happy Hadoop contributor
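
The proxyuser settings discussed in this thread (hadoop.proxyuser.<user>.hosts, .groups and .users in core-site.xml), as an added example that is not part of any post: a small audit of a deployed core-site.xml that reports whether a given impersonation would be authorized and which keys are set to '*'. It is a simplified model of the rule in the Superusers documentation linked above (users or groups must match, and the client host must match); the function names and the sample host and group values are assumptions made for this example, and hostname entries are not resolved. It covers only proxyuser authorization, not the SASL authentication step where the quoted exception is raised.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of a deployed core-site.xml. "snapuser" and "alice" come
# from the thread; the host and group values are made up for this example.
SAMPLE_CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.proxyuser.snapuser.hosts</name><value>10.0.0.5,10.1.0.0/16</value></property>
  <property><name>hadoop.proxyuser.snapuser.groups</name><value>etl</value></property>
  <property><name>hadoop.proxyuser.alice.users</name><value>*</value></property>
</configuration>"""


def load_properties(xml_text):
    """Return {name: value} for every <property> in a Hadoop *-site.xml."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def split_list(props, key):
    """Split a comma-separated setting; a missing key yields an empty list."""
    return [v.strip() for v in props.get(key, "").split(",") if v.strip()]


def host_allowed(entries, client_ip):
    """Match '*', a literal IP or a CIDR range against the client address.
    Hostname entries are skipped (assumption: the audit runs without DNS)."""
    addr = ipaddress.ip_address(client_ip)
    for entry in entries:
        if entry == "*":
            return True
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # not an IP or CIDR, so a hostname entry
    return False


def check_impersonation(props, superuser, target_user, target_groups, client_ip):
    """Return (allowed, reason) for superuser acting as target_user."""
    prefix = "hadoop.proxyuser.%s." % superuser
    users = split_list(props, prefix + "users")
    groups = split_list(props, prefix + "groups")
    hosts = split_list(props, prefix + "hosts")
    user_ok = "*" in users or target_user in users
    group_ok = "*" in groups or any(g in groups for g in target_groups)
    if not (user_ok or group_ok):
        return False, "%s may not impersonate %s (users/groups)" % (superuser, target_user)
    if not host_allowed(hosts, client_ip):
        # An absent .hosts key lands here too: no host is authorized.
        return False, "%s may not impersonate from %s (hosts)" % (superuser, client_ip)
    return True, "allowed"


def wildcard_findings(props):
    """List proxyuser keys containing '*', i.e. any user, group or host."""
    return sorted(
        key for key in props
        if key.startswith("hadoop.proxyuser.") and "*" in split_list(props, key)
    )


if __name__ == "__main__":
    props = load_properties(SAMPLE_CORE_SITE)
    print(check_impersonation(props, "snapuser", "bob", ["etl"], "10.1.2.3"))
    print(check_impersonation(props, "alice", "bob", [], "10.0.0.5"))
    print(wildcard_findings(props))
```
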