Configuration for a NetBackup for Hadoop cluster that uses Kerberos

For a NetBackup for Hadoop cluster that uses Kerberos, perform the following tasks on all the backup hosts:

Ensure that the Kerberos package is present on all the backup hosts.
- krb5-workstation package for RHEL
- krb5-client for SUSE
Acquire the keytab file and copy it to a secure location on the backup host.
Ensure that the keytab has the required principal.
Manually update the krb5.conf file with the appropriate KDC server and realm details.
Note:
Enure that default_ccache_name parameter is not set to the KEYRING:persistent:%{uid} value. You can comment the parameter to use the default or you can specify a file name such as, FILE:/tmp/krb_file_name:%{uid}.
When you add NetBackup for Hadoop credentials in NetBackup, specify "kerberos" as application_server_user_id value. See Adding NetBackup for Hadoop credentials in NetBackup.
To run backup and restore operations for a NetBackup for Hadoop cluster that uses Kerberos authentication, NetBackup for Hadoop needs a valid Kerberos ticket-granting ticket (TGT) to authenticate with the NetBackup for Hadoop cluster. See Prerequisites for running backup and restore operations for a NetBackup for Hadoop cluster with Kerberos authentication.
To use Kerberos, the user must be a super user with full access and ownership of the HDFS. A valid token is required with the user on the backup host.