THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
ReleaseApplies to release: none (trunk) as of 2012-05-18
Overview
Flume 1.x supports securely communicating with Hadoop using Kerberos.writing to Hadoop clusters secured with Kerberos.
Features and limitations:
- A single agent may have multiple sinks, each of which may write to HDFS as a different user
- In a multiple-user setup, a single principal must be used, and that principal must be configured to allow impersonation of "proxy" users
Storing as several users in the same agent
In FLUME-1196, support was added for secure impersonation of Hadoop users. This was implemented similar to how Oozie implements secure user impersonation.
...
In the above example, the flume user impersonates the user will. This will only be allowed if KDC authenticates the principal, and the Namenode authorizes impersonation of the specified proxy user by the provided principal.
Directly accessing Hadoop as the principal
If only one user is needed, then the proxyUser configuration option may be omitted. In this case, the user indicated by the Kerberos principal is used to access Hadoop directly.