I've setup Hadoop to use Kerberos (following the Cloudera security guide), but it is unclear how I connect to hadoop with regular users (e.g. username=myuser).
Currently I have myself authenticated with Kerberos with my Keberos
admin user (via kinit kerbadmin/admin), but that doesn't seem to
help. Do I need to tell Hadoop that kerberos user "kerbadmin" is
allowed to use Hadoop?
Running something like hadoop fs -ls / results in a permission
issue:
11/09/13 11:13:03 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
Bad connection to FS. command aborted. exception: Call to <myservername>/127.0.1.1:54310 failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
Also, sudo -u hdfs hadoop fs -ls / returns the same error message.
Just noticed an appendix in Cloudera's setup guide that points out there is a known bug with Kerberos that is causing this, so the fix is to run
kinit -Rafter authenticating with the server