User Impersonation for HttpFS
You can set up proxy user functionality if you want HttpFS to impersonate a user from a set
of hosts, or to impersonate a user that belongs to a set of groups. When you configure proxy
user functionality, the proxy user can perform “doAs” operations. Add configuration properties
to the httpfs-site.xml
and core-site.xml
files to configure
proxy user functionality.
- Add the following configuration properties to the
/opt/mapr/httpfs/httpfs-1.0/etc/hadoop/httpfs-site.xml
file :httpfs.proxyuser.#USER#.hosts
httpfs.proxyuser.#USER#.groups
- Replace
#USER#
with the username of the proxy that can perform “doAs” operations. For the host property, you can add a list of host names as the value. For the group property, you can add a list of groups as the value. Alternatively, you can add a wildcard character (*) as the value for host and group properties. To add multiple users, copy the property and replace#USER#
with the proxy user name.Host Example<property> <name>httpfs.proxyuser.mapr.hosts</name> <value>*</value> </property>
Group Example<property> <name>httpfs.proxyuser.mapr.groups</name> <value>*</value> </property>
- Add the following configuration properties to the
core-site.xml
file, and replace#USER#
with the username of the proxy:-
hadoop.proxyuser.#USER#.hosts
-
hadoop.proxyuser.#USER#.groups
-
When you add the host property, the proxy user can only connect from a host to impersonate a user. When you add the group property, the proxy user can impersonate any member of any group.
<property>
<name>hadoop.proxyuser.mapr.hosts</name>
<value>*</value>
</property>
<property>
<name>hadoop.proxyuser.mapr.groups</name>
<value>*</value>
</property>