Oozie invalid user in secure mode

0
votes

Configured oozie to work with hadoop-2.6.0 and enabled kerberos security.

I didn't get ticket using kinit command but when i submit job using below command,

oozie job -oozie http://hostname:11000/oozie -config job.properties -run

it throws the following exception,

Error: E0501 : E0501: Could not perform authorization operation, User: oozie/[email protected] is not allowed to impersonate Kumar

I know how to solve the above error but my question is

Kumar is my local account username. As i configured kerberos, it should check my user ticket. But it didn't show me any error like "No credential found"

If i get ticket using kinit for any other user then also oozie shows the same exception with my local user account name.

Is there anything to configure? I don't understand the concept. I am following this to configure oozie with kerberos on secured cluster.

1
hadoopkerberosoozie
It might be the basic core-site.xml oozie configuration issue refer stackoverflow.com/questions/16582126/…K S Nidhin
@KSNidhin Please read my question. I am asking question about kerberos not about impersonate issue, Thanks.Kumar

1 Answers

1
votes

I just found the answer in Oozie Authentication

Once authentication is performed successfully the received authentication token is cached in the user home directory in the .oozie-auth-token file with owner-only permissions. Subsequent requests reuse the cached token while valid.

This is the reason for using invalid user even getting the ticket for any other user using kinit command.

I just resolved as below

The use of the cache file can be disabled by invoking the oozie CLI with the -Doozie.auth.token.cache false= option.

Try this.