This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Setting up Kerberos on SnapLogic groundplex for authentication to Cloudera - Hive account and snap pack

PSAmmirata
Employee
Employee

‎11-15-2017 02:50 PM

I’m looking for information on how to set up Kerberos on the SnapLogic groundplex for authentication to Cloudera. I want to use Hive account and snap pack. I see this documentation:
https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/2015960/How+to+Configure+a+Groundplex+for+...

Is that all there is to it? Or are there more steps?

Labels:
0 Kudos
8 REPLIES 8

PSAmmirata
Employee
Employee

‎11-21-2017 08:11 AM

Step 5 says to “Generate the keytab file for the kerberos user.” Does anyone have details on how to do this?

0 Kudos

bgiles
Former Employee

‎11-21-2017 01:18 PM

Creating a keytab file is straightforward.

If you are creating a keytab file for a user with a password you should use the ‘kutil’ program.

$ ktuil
ktutil: add_entry -password -p principal -k knvo -e enctype
(enter password)
ktutil: write_kt keytabfile
ktutil quit

where

  • principal is your principal, e.g., bob@example.com or bob/hdfs@example.com for a more restricted principal
  • knvo is the key version number. 1 should be fine.
  • enctype is the encryption type. This is typically something like aes128-cts-hmac-sha1-96, des3-cbc-sha1, or arcfour-hmac. You should check with your system administrator to get the precise encryption types required. You can call this line multiple times, once for each encryption type.
  • keytabfile is your keytab file. It traditionally ends with the .keytab extension.

You can verify the new file with ‘klist -kt keytabfile’.

If you are creating a keytab file for a server you must use the ‘kadmin’ program.

If the server principal does not exist yet:

$ kadmin
kadmin: add_principal principal
kadmin: ktadd -k keytabfile principal

If the server principal already exists:

$ kadmin
kdamin: ktadd -k keytabfile -norandkey principal

where principal is something like “hdfs/172.3.1.7@MYORG.EXAMPLE.COM”.

0 Kudos

PSAmmirata
Employee
Employee

‎12-11-2017 12:49 PM

Step 6/7 refers to a Hadoop (HDFS) configuration directory. We’re using Cloudera and our Cloudera admin said we don’t have a config directory. Can anyone provide details on what directory this is?

0 Kudos

PSAmmirata
Employee
Employee

‎12-15-2017 02:57 PM

We did get this working. Here are some of my notes that may be useful.

  1. We use EMC Isilon storage and the Hadoop configuration details were contained in the Isilon client configuration file.
  2. We used Cloudera Hive JDBC driver 2.5.19 and needed to specify all of the JAR files extracted from the ZIP file archive.
0 Kudos