Step 1: As root user, start the kadmin tool on the KDC server.
/usr/krb5/sbin/kadmin.local
kadmin.local:
Step 2: Create the principal for all services in your Hadoop cluster.
kadmin: addprinc -randkey $principal_name/$fully.qualified.domain.name@$YOUR-REALM.COM
where $principal_name must follow these mandatory naming conventions:
| Service Name | Principal Name (mandatory naming convention) |
| NameNode | nn and HTTP |
| Secondary NameNode | nn, HTTP |
| JobTracker | jt |
| TaskTracker | tt |
| DataNode | dn |
| HBase Master | hbase |
| HBase RegionServer | hbase |
| Hive Metastore | hive |
| Oozie | oozie |
| Oozie | HTTP |
| WebHCat | HTTP |
For example, to create NameNode principals, from the shell try:
kadmin: addprinc -randkey nn/NAMENODE@EXAMPLE.COM
kadmin: addprinc -randkey HTTP/NAMENODE@EXAMPLE.COM
Step 3: Follow the instructions for Step 2 above to create keytab files according to the following mandatory naming conventions:
| User Name | Principal Name (mandatory naming convention) |
| HDFS User | hdfs |
| HBase User | hbase |
| Smoke Test User | Value specified for the smoke_test_user property in the master-install-location/gsInstaller/gsInstaller.properties file. |
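
The Step 2 service naming table as a command generator, added here as an example and not part of the original guide: it prints the addprinc lines for a host inventory, rejects host or realm values that would yield a malformed principal, and emits a shared HTTP principal only once per host. The service keys, host names and inventory format are assumptions.

```shell
# Added example (not from the guide); prints commands only, never contacts the KDC.
# Service keys (namenode, oozie, ...) are hypothetical labels for the table rows.

# Table lookup: service key -> mandatory principal name(s).
principals_for() {
  case "$1" in
    namenode|secondarynamenode) echo "nn HTTP" ;;
    jobtracker)                 echo "jt" ;;
    tasktracker)                echo "tt" ;;
    datanode)                   echo "dn" ;;
    hbasemaster|regionserver)   echo "hbase" ;;
    hivemetastore)              echo "hive" ;;
    oozie)                      echo "oozie HTTP" ;;
    webhcat)                    echo "HTTP" ;;
    *) return 1 ;;
  esac
}

# Emit one addprinc line per principal for a service ($1) on a host ($2) in a realm ($3).
# Host and realm may hold only letters, digits, dots and hyphens, so a stray
# space, "/" or "@" cannot produce a malformed or unintended principal.
gen_addprinc() {
  for v in "$2" "$3"; do
    case "$v" in
      ''|*[!A-Za-z0-9.-]*) echo "bad host or realm: '$v'" >&2; return 2 ;;
    esac
  done
  names=$(principals_for "$1") || { echo "unknown service: $1" >&2; return 1; }
  for n in $names; do
    echo "addprinc -randkey $n/$2@$3"
  done
}

# Read "service host" lines on stdin and print each distinct command once:
# services that share a host also share its HTTP/host principal.
gen_all() {
  out=""
  while read -r s h; do
    [ -n "$s" ] || continue
    line=$(gen_addprinc "$s" "$h" "$1") || return $?
    out="$out$line
"
  done
  printf '%s' "$out" | sort -u
}

# Constructed sample inventory and realm.
gen_all EXAMPLE.COM <<'EOF'
namenode nn1.example.com
oozie nn1.example.com
EOF
```

Review the printed lines before entering them at the kadmin prompt opened in Step 1.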

