If you want to use MaxCompute and a Hadoop cluster for which the Kerberos security
mechanism is enabled to implement the lakehouse solution, you must upload a keytab
configuration file. This topic describes how to create a keytab configuration file.
Procedure
The following example shows how to create a keytab configuration file for Alibaba
Cloud E-MapReduce (EMR).
- Log on to the master node of a Hive cluster in EMR by using Secure Shell Protocol
(SSH). Run the following command to start the Kerberos admin client:
sh /usr/lib/has-current/bin/admin-local.sh /etc/ecm/has-conf -k /etc/ecm/has-conf/admin.keytab
Note This command is supported in EMR V3.30.0 or later minor versions and EMR V4.5.1 or
later minor versions.
- On the Kerberos admin client, run the following commands to add a Hive user to the
key distribution center (KDC) and check whether the Hive user is added.
-- Add a Hive user to the KDC.
add_principal -pw <password> hive
-- Check whether the user is added.
list_principals
- On the Kerberos admin client, run the following command to create a keytab configuration
file in the
/tmp
directory: ktadd -k /tmp/hive.keytab -glob hive
- Check whether the content of the keytab configuration file is valid.
- On the Linux terminal, run the following command to switch to the Hive user:
- On the Linux terminal, run the
kinit
command to cache the Hive principal and keytab file. Then, run the klist
command to check whether the Hive principal and keytab file are cached. -- Cache the Hive principal and keytab file.
kinit -kt /tmp/hive.keytab hive
-- Check whether the Hive principal and keytab file are cached.
klist
- Log on to the Hive client. If you can log on to the Hive client, the keytab configuration
file that you created is valid.