Configure WebHCat to use Kerberos Authentication

About this task

To enable WebHCat to use Kerberos, complete the following steps on the node where WebHCat is installed.

Procedure

  1. Add the following section to the /opt/mapr/hive/hive-<version>/hcatalog/etc/webhcat/webhcat-site.xml file: 
    <property>
    <name>templeton.kerberos.secret</name>
    <value>secret value</value>
</property>
<property>
    <name>templeton.kerberos.principal</name>
    <value>HTTP/<FQDN@REALM></value>
</property>
<property>
    <name>templeton.kerberos.keytab</name>
    <value>/opt/mapr/conf/HTTP.keytab</value>
</property>
  2. Add the following section to the /opt/mapr/hadoop/hadoop-<version>/conf/core-site.xml file: 
    <property>
      <name>hadoop.proxyuser.HTTP.groups</name>
      <value>*</value>
      <description>Allow the superuser mapr to impersonate any member of any group</description>
</property>
<property>
      <name>hadoop.proxyuser.HTTP.hosts</name>
      <value>*</value>
      <description>The superuser can connect from any host to impersonate a user</description>
</property>
  3. Start WebHCat. See Managing the WebHCat Server.
  4. To test if the connection is working, generate a Kerberos ticket with the kinit utility and then run the following command: 
    curl --negotiate -i -u : 'http://<FQDN>:50111/templeton/v1/ddl/database/'