1

I created an AWS EMR cluster with Kerberos enabled, and I am able to authenticate Hadoop with my Kerberos keytab using the Java hadoop.conf authentication method. However, I cannot access Livy as I keep running into this error:

HTTP ERROR: 401 Problem accessing /. Reason: Authentication required

I cannot find a way online to authenticate Livy in my code, the only relevant module is requests_kerberos but it requires an existing valid TGT. I am looking for a way to be able to pass in a keytab or principal name+password to authenticate Livy.

If this is not possible, how can I disable Kerberos for Livy without affecting other components like Hadoop?

JYCH
  • 61
  • 7

1 Answers1

0

To authenticate to livy via Kerberos, you need the following pre-conditions:

  1. The user you are authenticating to must exist in all nodes (see createlinuxusers.sh)
  2. You need to create a kerberos principal for the user in the master node (see configurekdc.sh)

For more information, can check out AWS blog

Note that there is a bug in the cloudformation template which changes the sparkmagic config.json file.

You need to revert this section

"authenticators": {
    "Kerberos": "sparkmagic.auth.kerberos.Kerberos",
    "Kerberos": "sparkmagic.auth.customauth.Authenticator",
    "Basic_Access": "sparkmagic.auth.basic.Basic"
  }

to its original state

"authenticators": {
    "Kerberos": "sparkmagic.auth.kerberos.Kerberos",
    "None": "sparkmagic.auth.customauth.Authenticator",
    "Basic_Access": "sparkmagic.auth.basic.Basic"
  }
tomerpacific
  • 4,704
  • 13
  • 34
  • 52
Reivax
  • 33
  • 2