In this article
Overview
Use this account type to connect Hadoop Snaps with data sources that use Kerberos accounts.
Prerequisites
- None.
Limitations and Known Issues
- None.
Account Settings
Use the Create Account popup to create AWS S3 accounts:
All fields are required.
Parameter Name | Data Type | Description | Default Value | Example |
---|---|---|---|---|
Label | String | Specify a unique label for the account. We recommend that you update the account name if there is more than one account of the same account type in your project. | N/A | Kerberos Account |
Client Principal | String | The client principal associated with the account. | N/A | snaplogic/EXAMPLE.COM@ATHENA.MIT.EDU |
Keytab File | String | Path to the Keytab file. | N/A | /keytabs/snaplogic.keytab |
Service Principal | String | The service principal associated with the account. Protocols supported: HDFS | N/A | krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU |
Even though you pass both client and server principals here, the Snap only validates the client information and not the server information. This is because server validation requires information that is available only in the Snap's settings and not the Account settings.
The security model configured for the Groundplex (SIMPLE or KERBEROS authentication) must match the security model of the remote server. Due to limitations of the Hadoop library, we are only able to create the necessary internal credentials for the configuration of the Groundplex.
Troubleshooting
Error Message | Reason | Resolution |
---|---|---|
Failed to validate account: Kerberos keytab file does not exist or cannot be read. | Specify the location of the keytab file. This typically means that the Keytab File or Client Principal details provided are incorrect. | Please verify if the provided credentials are correct. |
Cannot locate default realm | No reason provided by the snap This error appears when the value in the Client Principal field is not in the format expected. |