Step 9: Enable Hue to Work with Hadoop Security using Cloudera Manager
Minimum Required Role: Cluster Administrator (also provided by Full Administrator)
If you are using a Hue service, you must add a role instance of Kerberos Ticket Renewer to the Hue service to enable Hue to work properly with the secure Hadoop cluster using Cloudera Manager.
The Hue Kerberos Ticket Renewer service will only renew tickets for the Hue service, for the principal hue/<hostname>@<YOUR-REALM.COM>. The Hue principal is then used to impersonate other users for applications within Hue such as the Job Browser, File Browser and so on.
- Go to the Hue service.
- Click the Instances tab.
- Click the Add Role Instances button.
- Assign the Kerberos Ticket Renewer role instance to the same host as the Hue server.
- When the wizard is finished, the status will display Finished and the Kerberos Ticket Renewer role instance is configured. The Hue service will now work with the secure Hadoop cluster.
kadmin.local: modprinc -maxrenewlife 90day krbtgt/YOUR_REALM.COM kadmin.local: modprinc -maxrenewlife 90day +allow_renewable hue/<hostname>@YOUR-REALM.COM