Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-1726

Oozie does not support _HOST when configuring kerberos security

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0
    • Fix Version/s: 4.2.0
    • Component/s: core
    • Labels:
      None

      Description

      When configuring kerberos security for Oozie, the oozie.service.HadoopAccessorService.kerberos.principal property and oozie.authentication.kerberos.principal need to be configured. However, both of which don't support _HOST substitution, i.e. if it is configured as oozie/_HOST@EXAMPLE.COM, the _HOST shall be replaced with the FQDN of the host. This feature is supported by hdfs and yarn, so it would be great if oozie support it as well.

      Below is from the oozie log:
      ======================
      2014-02-17 08:28:53,199 FATAL Services:533 - USER[-] GROUP[-] E0100: Could not initialize service [org.apache.oozie.service.HadoopAccessorService], Login failure for oozie/_HOST@EXAMPLE.COM from keytab /etc/security/keytab/oozie.service.keytab
      org.apache.oozie.service.ServiceException: E0100: Could not initialize service [org.apache.oozie.service.HadoopAccessorService], Login failure for oozie/_HOST@EXAMPLE.COM from keytab /etc/security/keytab/oozie.service.keytab
      ======================

        Attachments

        1. OOZIE-1726.patch
          3 kB
          Venkat Ranganathan
        2. oozie-1726.patch
          1 kB
          Bowen Zhang
        3. oozie-1726.patch
          1 kB
          Bowen Zhang

          Activity

            People

            • Assignee:
              venkatnrangan Venkat Ranganathan
              Reporter:
              jewes Mingjiang Shi
            • Votes:
              3 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: