Disabling Kerberos Security

Follow these steps to disable Kerberos security for HAWQ and PXF for manual installations.

Note: If you install or manage your cluster using Ambari, then the HAWQ Ambari plug-in automatically disables security for HAWQ and PXF when you disable security for Hadoop. The following instructions are only necessary for manual installations, or when Hadoop security is disabled outside of Ambari.

  1. Disable Kerberos on the Hadoop cluster on which you use HAWQ.
  2. Disable security for HAWQ:

    1. Login to the HAWQ database master server as the gpadmin user:

      $ ssh hawq_master_fqdn
    2. Run the following command to set up HAWQ environment variables:

      $ source /usr/local/hawq/greenplum_path.sh
    3. Start HAWQ if necessary:

      $ hawq start -a
    4. Run the following command to disable security:

      $ hawq config --masteronly -c enable_secure_filesystem -v “off”
    5. Change the permission of the HAWQ HDFS data directory:

      $ sudo -u hdfs hdfs dfs -chown -R gpadmin:gpadmin /hawq_data
    6. On the HAWQ master node and on all segment server nodes, edit the /usr/local/hawq/etc/hdfs-client.xml file to disable kerberos security. Comment or remove the following properties in each file:

    7. Restart HAWQ:

      $ hawq restart -a -M fast
  3. Disable security for PXF:

    1. On each PXF node, edit the /etc/gphd/pxf/conf/pxf-site.xml to comment or remove the properties:

          <description>path to keytab file owned by pxf service
          with permissions 0400</description>
          <description>Kerberos principal pxf service should use.
          _HOST is replaced automatically with hostnames
    2. Restart the PXF service.