Step 15: Create the hdfs Super User Principal
In order to be able to create home directories for users later in Step 17: Prepare the Cluster for Each User, you will need access to the HDFS super user account. (CDH automatically created the HDFS super user account on each cluster host during CDH installation.) When you enabled Kerberos for the HDFS service in Step 9, you lost access to the HDFS super user account via sudo -u hdfs commands. To enable your access to the HDFS super user account now that Kerberos is enabled, you must create a Kerberos principal whose first component is hdfs.
To create the hdfs super user principal:
- In the kadmin.local or kadmin shell, type the following command to
create a Kerberos principal called hdfs:
kadmin: addprinc hdfs@YOUR-LOCAL-REALM.COM
Note
: This command will prompt you to create a password for the hdfs principal. You should use a strong password because having access to this principal will provide super user access to all of the files in HDFS.
- To run commands as the HDFS super user, you must first obtain Kerberos
credentials for the hdfs principal. To do
so, run the following command and provide the appropriate password when prompted.
$ kinit hdfs@YOUR-LOCAL-REALM.COM
<< |