To copy the krb5conf file 1 Use SSH to connect to the master node using an EC2

To copy the krb5conf file 1 use ssh to connect to the

This preview shows page 238 - 241 out of 395 pages.

To copy the krb5.conf file 1. Use SSH to connect to the master node using an EC2 key pair and the default hadoop user —for example, [email protected] MasterPublicDNS . For detailed instructions, see Connect to the Cluster (p. 313) . 2. From the master node, copy the contents of the /etc/krb5.conf file . For more information, see Connect to the Cluster (p. 313) . 3. On each client computer that will connect to the cluster, create an identical /etc/krb5.conf file based on the copy that you made in the previous step. Using Kinit and SSH Each time a user connects from a client computer using Kerberos credentials, the user must first renew Kerberos tickets for their user on the client computer. In addition, the SSH client must be configured to use GSSAPI authentication. 232
Image of page 238
Amazon EMR Management Guide Use Kerberos Authentication To use SSH to connect to a Kerberized EMR cluster 1. Use kinit to renew your Kerberos tickets as shown in the following example kinit user1 2. Use an ssh client along with the principal that you created in the cluster-dedicated KDC or Active Directory user name. Make sure that GSSAPI authentication is enabled as shown in the following examples. Example: Linux users The -K option specifies GSSAPI authentication. ssh -K user1 @ MasterPublicDNS Example: Windows users (PuTTY) Make sure that the GSSAPI authentication option for the session is enabled as shown: Tutorial: Configure a Cluster-Dedicated KDC This topic guides you through creating a cluster with a cluster-dedicated KDC, manually adding Linux user accounts to all cluster nodes, adding Kerberos principals to the KDC on the master node, and ensuring that client computers have a Kerberos client installed. 233
Image of page 239
Amazon EMR Management Guide Use Kerberos Authentication Step 1: Create the Kerberized Cluster 1. Create a security configuration that enables Kerberos. The following example demonstrates a create-security-configuration command using the AWS CLI that specifies the security configuration as an inline JSON structure. You can also reference a file saved locally. aws emr create-security-configuration --name MyKerberosConfig \ --security-configuration '{"AuthenticationConfiguration": {"KerberosConfiguration": \ {"Provider": "ClusterDedicatedKdc", "ClusterDedicatedKdcConfiguration": {"TicketLifetimeInHours": 24 }}}}}' 2. Create a cluster that references the security configuration, establishes Kerberos attributes for the cluster, and adds Linux accounts using a bootstrap action. The following example demonstrates a create-cluster command using the AWS CLI. The command references the security configuration that you created above, MyKerberosConfig . It also references a simple script, createlinuxusers.sh , as a bootstrap action, which you create and upload to Amazon S3 before creating the cluster. aws emr create-cluster --name " MyKerberosCluster " \ --release-label emr-5.28.1 \ --instance-type m5.xlarge \ --instance-count 3 \ --ec2-attributes InstanceProfile=EMR_EC2_DefaultRole,KeyName= MyEC2KeyPair \ --service-role EMR_DefaultRole \ --security-configuration MyKerberosConfig \ --applications Name= Hadoop Name= Hive Name= Oozie Name= Hue Name=
Image of page 240
Image of page 241

You've reached the end of your free preview.

Want to read all 395 pages?

  • Spring '12
  • LauraParker
  • Amazon Web Services, Amazon Elastic Compute Cloud

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern

Stuck? We have tutors online 24/7 who can help you get unstuck.
A+ icon
Ask Expert Tutors You can ask You can ask ( soon) You can ask (will expire )
Answers in as fast as 15 minutes
A+ icon
Ask Expert Tutors