This article explains how to generate Kerberos keytabs at the user level or the service level on the Big Data platform side.
Kerberos Keytabs:
Basically, keytabs are used for authentication. They identify a user or a service for a particular username or service ID, as requested by developers and admins.
How to generate the keytab at the user level:
Username: abcdef
First, log in to the command prompt with your own username, then try the command below:
abcdef$ kinit -kt [email protected]
Here we initialize the keytab with kinit -kt followed by the principal name.
After that, we need to give the password.
How to generate the service-level keytabs in Hadoop:
Step 1: Here we take the hdfs service ID keytab.
Step 2: Switch to the hdfs user from root/username.
Step 3: Go to the location of the hdfs keytab (hdfs.headless.keytab), as below:
/etc/security/keytabs
Step 4: Then find the required service-level keytabs.
Please find the attached snapshot for more clarification.
Step 5: Here I'm taking the hdfs.headless keytab. List the principal stored in it using the command below:
klist -kt hdfs.headless.keytab
Step 6: The output will be like: [email protected]
Step 7: Then initialize the keytab with the command below:
kinit -kt hdfs.headless.keytab [email protected]
This is how to successfully initialize service-level keytabs in a Big Data environment, on either Azure or AWS clusters.
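The script below is an added example, not part of the original article: it scripts Steps 3 to 7 (list the principals in a keytab, then kinit with the one found) and refuses a keytab that is accessible to every local user, since a keytab file works like a stored password. The function names, the sample klist output and the EXAMPLE.COM principal are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# sample values (EXAMPLE.COM, hdfs-demo) are constructed assumptions.

# Read `klist -kt` output on stdin and print each principal once.
# Data rows start with a numeric KVNO and end with the principal; a keytab
# usually repeats a principal, one row per stored key.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 3 { print $NF }' | sort -u
}

# Succeed only if "other" has no permission bits on the keytab. A keytab
# holds long-term keys, so whoever can read it can authenticate as its principal.
keytab_mode_ok() {
    [ "$(ls -ld -- "$1" | cut -c8-10)" = "---" ]
}

# Steps 3-7: check the file, list its principals, kinit with the only one.
init_from_keytab() {
    keytab=$1
    keytab_mode_ok "$keytab" || { echo "$keytab is world-accessible" >&2; return 1; }
    principals=$(klist -kt "$keytab" | keytab_principals)
    count=$(printf '%s\n' "$principals" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 principal in $keytab, found $count; pick one explicitly" >&2
        return 1
    fi
    kinit -kt "$keytab" "$principals" && klist
}

# Constructed `klist -kt` output for trying the parser without a KDC.
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/tmp/constructed.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------
   1 01/01/2024 00:00:00 hdfs-demo@EXAMPLE.COM
   1 01/01/2024 00:00:00 hdfs-demo@EXAMPLE.COM
EOF
}

# With a keytab path as argument, run the real steps; otherwise parse the sample.
if [ "$#" -gt 0 ]; then
    init_from_keytab "$1"
else
    sample_klist_output | keytab_principals   # prints hdfs-demo@EXAMPLE.COM
fi
```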
A secured cluster always has Kerberos enabled; if not, the cluster may have SASL or SSL enabled, or else it is not a secured cluster.
Summary: Kerberos is one of the security mechanisms in the Hadoop cluster, and it's a second level of authentication (two-factor authentication). Most Hadoop admins use keytabs for different services such as HDFS, YARN, SPARK and HIVE, kept in the keytab locations. If Spark-related applications need to be checked, we can use the SPARK keytabs; only then are we able to see the application information.