Issue on Hadoop CDH4.1.2 configuring with kerberos

Question

My datanode log file:

*2013-01-28 22:12:05,084 WARN org.apache.hadoop.ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] 2013-01-28 22:12:05,084 ERROR org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:dr.who (auth:KERBEROS_SSL) cause:java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]*

I have started installing hadoop CDH4.1.2 with kerberos, and datanode is started as secure process.

As per https://ccp.cloudera.com/display/CDH4DOC/Configuring+Hadoop+Security+in+CDH4 https://ccp.cloudera.com/display/CDH4DOC/Appendix+A+-+Troubleshooting#AppendixA-Troubleshooting-Problem2

the above links i understood that hadoop command line is unable to get the credentials for the kerberos ticket, so a workaround is suggested to renew the ticket. Yes, the workaround solves the command line problem, i can access the HDFS.

But from the Namenode UI, i cannot view the logs, it shows HTTP 401 ERROR. **User dr.who is unauthorized to access this page.**

Has anyone faced this issue ?

Thanks in advance

Answer 1

add below to hdfs-sit.xml

<property>
<name>dfs.web.ugi</name>
<value>hdfs</value>
</property>

add below to core-site.xml

<property>
<name>hadoop.http.staticuser.user</name>
<value>mapred</value>
</property>

restart NameNode and check,good luck.

Answer 2

You need to set up your Web UI to handle kerberos.

http://hadoop.apache.org/docs/stable/HttpAuthentication.html

The "dr.who" reference appears to be a default for hadoop.http.staticuser.user.