You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hadoop.apache.org by REYANE OUKPEDJO <r....@yahoo.com> on 2015/03/04 22:51:06 UTC
keberos issue
Hi Everyone,
I setup a kerberos enabled cluster using HDP-2.2 and I am facing the following issue :
2015-03-04 16:24:43,419 WARN security.DelegationTokenRenewer (DelegationTokenRenewer.java:handleDTRenewerAppSubmitEvent(785)) - Unable to add the application to the delegation token renewer.org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: rm/myhostname@MYREALM.COM is not allowed to impersonate rey at org.apache.hadoop.ipc.Client.call(Client.java:1468) at org.apache.hadoop.ipc.Client.call(Client.java:1399) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:232) at com.sun.proxy.$Proxy83.getDelegationToken(Unknown Source) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getDelegationToken(ClientNamenodeProtocolTranslatorPB.java:909) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:187) at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102) at com.sun.proxy.$Proxy84.getDelegationToken(Unknown Source) at org.apache.hadoop.hdfs.DFSClient.getDelegationToken(DFSClient.java:1029)
Base on the hadoop documentation, I tried setting the following properties in core-site.xml
<property>
<name>hadoop.proxyuser.*.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.*.groups</name>
<value>*</value>
</property>But no success. Any idea what could be causing this? (note that user rm is the resource manager principal).
Thank you.