If you want to use MaxCompute and a Hadoop cluster for which the Kerberos security mechanism is enabled to implement the lakehouse solution, you must upload a keytab configuration file. This topic describes how to create a keytab configuration file.

Procedure

The following example shows how to create a keytab configuration file for Alibaba Cloud E-MapReduce (EMR).

  1. Log on to the master node of a Hive cluster in EMR by using Secure Shell Protocol (SSH). Run the following command to start the Kerberos admin client:
    sh /usr/lib/has-current/bin/admin-local.sh /etc/ecm/has-conf -k /etc/ecm/has-conf/admin.keytab
    Note This command is supported in EMR V3.30.0 or later minor versions and EMR V4.5.1 or later minor versions.
  2. On the Kerberos admin client, run the following commands to add a Hive user to the key distribution center (KDC) and check whether the Hive user is added.
    -- Add a Hive user to the KDC. 
    add_principal -pw <password> hive
    -- Check whether the user is added. 
    list_principals
  3. On the Kerberos admin client, run the following command to create a keytab configuration file in the /tmp directory:
    ktadd -k /tmp/hive.keytab -glob hive
  4. Check whether the content of the keytab configuration file is valid.
    1. On the Linux terminal, run the following command to switch to the Hive user:
      su - hive
    2. On the Linux terminal, run the kinit command to cache the Hive principal and keytab file. Then, run the klist command to check whether the Hive principal and keytab file are cached.
      -- Cache the Hive principal and keytab file.
      kinit -kt /tmp/hive.keytab hive
      -- Check whether the Hive principal and keytab file are cached.
      klist
    3. Log on to the Hive client. If you can log on to the Hive client, the keytab configuration file that you created is valid.