2017-01-31 21:53:41,538 WARN org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter: Authentication exception: User: testuser@DG.COM is not allowed to impersonate testuser
When above log is found in KMS log file(/var/log/kms-keytrustee/kms.log), add below properties in the KMS configuration from the cloudera manager (Cloudera Manager > Key Trustee KMS > Configuration > Key Management Server Proxy Default Group > Advanced) and then we were able to submit the jobs on the cluster using testuser user:-
<property>
<name>hadoop.kms.proxyuser.testuser.users</name>
<value>*</value>
</property>
<property>
<name>hadoop.kms.proxyuser.testuser.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.kms.proxyuser.testuser.groups</name>
<value>*</value>
</property>
On CDH5.8.4, the UI is changed and we have to put the content of such xml property into their new UI.
No comments:
Post a Comment