Prerequisites for Kerberos

This topic lists the prerequisites for administering a Kerberos enabled CES HDFS cluster.

Note: Only MIT Kerberos is supported.

If you are adding a new NameNode or DataNode, execute step 1 and step 2. For all other administrative operations, go to step 3.

  1. On the new node, create the Hadoop users and groups by following the instructions in Configuring users, groups and file system access for IBM Storage Scale.
  2. Initialize Kerberos on the new node by running the Kerberos configuration script /usr/lpp/mmfs/hadoop/scripts/gpfs_create_hadoop_users_dirs.py as mentioned in Configuring Kerberos using the Kerberos script provided with IBM Storage Scale. This will create the principals and keytabs specific to the new node.
  3. Obtain a Kerberos token for the hdfs user to administer CES HDFS when using either the installation toolkit method or the manual method. Run the following command:
    # kinit -kt /etc/security/keytab/hdfs.headless.keytab hdfs@<Realm Name>
    Note: The previous command needs to be executed on all the CES HDFS NameNodes.
  4. Verify that there is a valid token by running the following command:
    # klist