...
In this article
Table of Contents | ||||
---|---|---|---|---|
|
...
You can create an account from Designer or Manager. In Designer, when working on pipelines, every Snap that needs an account prompts you to create a new account or use an existing account. The accounts can be created in or used from:
- Your private project folder: This folder contains the pipelines that will use the account.
- Your Project Space’s shared folder: This folder is accessible to all the users that belong to the Project Space.
- The global shared folder: This folder is accessible to all the users within an organization in the SnapLogic instance.
Account Configuration
In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an account for binary files:
- Click Create, then select Hadoop, then Kerberos.
- Supply an account label.
Supply the necessary information.
- (Optional) Supply additional information on this account in the Notes field of the Info tab.
- Click Apply.
Warning |
---|
Avoid changing account credentials while pipelines using them are in progress. This may lead to unexpected results, including locking the account. |
Account Types
Kerberos
Account Settings
...
Label
...
Client Principal
...
Overview
Use this account type to connect Hadoop Snaps with data sources that use Kerberos accounts.
Prerequisites
None.
Limitations
The security model configured for the Groundplex (SIMPLE or KERBEROS authentication) must match the security model of the remote server. Due to limitations of the Hadoop library, we are only able to create the necessary internal credentials for the configuration of the Groundplex.
Known Issues
None.
Account Settings
...
Field Name | Field Type | Description | ||||||
---|---|---|---|---|---|---|---|---|
Label
| String |
| ||||||
Client Principal Default Value: N/A |
...
EDU | String | Specify the client principal associated with the account. |
Keytab File |
...
Default Value: N/A | String | Specify the path to the Keytab file. |
Hadoop config directory Default Value: N/A |
...
hadoop/ |
...
Default value: [None]
...
Required. Service Principal.
Example: krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU
Default value: [None]
Note |
---|
Even though you pass both client and server principals here, the Snap only validates the client information and not the server information. This is because server validation requires information that is available only in the Snap's settings and not the Account settings. |
Account Encryption
...
If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.
...
If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.
Account:
- High: Keytab File
- Medium + High: Keytab File
- Low + Medium + High: Keytab File
...
config | String/Expression | Specify the path of the Hadoop configuration files to read the Hadoop configuration for a specific instance of a Hadoop cluster. The account uses the config files from this path to initialize the Hadoop object and establishes a connection with the Hadoop cluster.
|
Troubleshooting
Error Message | Reason | Resolution |
---|---|---|
Failed to validate account: Kerberos keytab file does not exist or cannot be read. | Specify the location of the keytab file. This typically means that the Keytab File or Client Principal details provided are incorrect. | Verify if the provided credentials are correct. |
Cannot locate default realm | This error appears when the value in the Client Principal field is not in the format expected. | |
Failure in URL connection or file access denial, detail: SIMPLE authentication is not enabled. Available: | Either the value in the Hadoop config directory field or the Node properties is empty or the configuration directory is invalid. | Specify a valid path for the Hadoop configuration files. |
Snap Pack History
...