ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Don Bosco Durai (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-686) Allow specifying keytabs in Ranger repositories
Date Thu, 08 Oct 2015 16:02:27 GMT

    [ https://issues.apache.org/jira/browse/RANGER-686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14948906#comment-14948906

Don Bosco Durai commented on RANGER-686:

>We would have to deal with ranger HA deployments, i.e. when a keytab is uploaded it would
have to be made available on all hosts running ranger-admin.
[~aloklal99], it is pretty standard in Hadoop to generate host specific keytabs for the services.
Keytabs used by Ranger service won't be different.

> Allow specifying keytabs in Ranger repositories
> -----------------------------------------------
>                 Key: RANGER-686
>                 URL: https://issues.apache.org/jira/browse/RANGER-686
>             Project: Ranger
>          Issue Type: New Feature
>            Reporter: Velmurugan Periasamy
>            Assignee: Gautam Borad
>             Fix For: 0.6.0
> PROBLEM: Currently you have to specify a principal and password when configuring Ranger
repositories.  It would be useful to allow specifying a principal and keytab instead of password
for authenticating the lookup-client user.
> USE CASE:  Sites which have regular password expiration will experience the lookup clients
fail routinely.  Also specifying keytab instead of password is considered a best practice.

This message was sent by Atlassian JIRA

View raw message