Configuring Impersonation without Cluster Security

Describes how to use impersonation on a non-secure cluster.

About this task

To configure impersonation without enabling cluster security, perform the following steps on the client.

Procedure

  1. Enable impersonation for each ecosystem component you will use that supports impersonation. See Component Requirements for Impersonation in How Impersonation Works.
  2. Enable impersonation for the data-fabric core components. See Enabling Impersonation for the mapr Superuser.
  3. On each client system from which you want to use impersonation:
    1. Set a MAPR_IMPERSONATION_ENABLED environment variable with the value true. This value must be set in the environment of any process you start that does impersonation.
    2. Create a file in /opt/mapr/conf/proxy/ that has the name of the data-fabric superuser or any other user. For the data-fabric superuser, the default file name would be mapr. For all other users, use their username for the proxy file.
    If the data-fabric superuser has a different name in your cluster, use that name for the proxy file. To verify the data-fabric superuser name, check the mapr.daemon.user= line in the /opt/mapr/conf/daemon.conf file on a data-fabric cluster server.