[OOZIE-1726] Oozie does not support _HOST when configuring kerberos security - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 4.0.0
Fix Version/s: 4.2.0
Component/s: core
Labels:
None

Description

When configuring kerberos security for Oozie, the oozie.service.HadoopAccessorService.kerberos.principal property and oozie.authentication.kerberos.principal need to be configured. However, both of which don't support _HOST substitution, i.e. if it is configured as oozie/_HOST@EXAMPLE.COM, the _HOST shall be replaced with the FQDN of the host. This feature is supported by hdfs and yarn, so it would be great if oozie support it as well.

Below is from the oozie log:
======================
2014-02-17 08:28:53,199 FATAL Services:533 - USER[-] GROUP[-] E0100: Could not initialize service [org.apache.oozie.service.HadoopAccessorService], Login failure for oozie/_HOST@EXAMPLE.COM from keytab /etc/security/keytab/oozie.service.keytab
org.apache.oozie.service.ServiceException: E0100: Could not initialize service [org.apache.oozie.service.HadoopAccessorService], Login failure for oozie/_HOST@EXAMPLE.COM from keytab /etc/security/keytab/oozie.service.keytab
======================

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

oozie-1726.patch
06/Apr/15 20:20
1 kB
Bowen Zhang
oozie-1726.patch
09/Sep/14 01:21
1 kB
Bowen Zhang
OOZIE-1726.patch
08/Apr/15 05:02
3 kB
Venkat Ranganathan

Activity

People

Assignee:: Venkat Ranganathan

Reporter:: Mingjiang Shi

Votes:: 3 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 04/Mar/14 07:11

Updated:: 18/May/15 07:11

Resolved:: 08/Apr/15 22:46