Configure WebHCat to use Kerberos Authentication
About this task
To enable WebHCat to use Kerberos, complete the following steps on the node where WebHCat is installed.
Procedure
-
Add the following section to the
/opt/mapr/hive/hive-<version>/hcatalog/etc/webhcat/webhcat-site.xml
file:<property> <name>templeton.kerberos.secret</name> <value>secret value</value> </property> <property> <name>templeton.kerberos.principal</name> <value>HTTP/<FQDN@REALM></value> </property> <property> <name>templeton.kerberos.keytab</name> <value>/opt/mapr/conf/HTTP.keytab</value> </property>
-
Add the following section to the
/opt/mapr/hadoop/hadoop-<version>/conf/core-site.xml
file:<property> <name>hadoop.proxyuser.HTTP.groups</name> <value>*</value> <description>Allow the superuser mapr to impersonate any member of any group</description> </property> <property> <name>hadoop.proxyuser.HTTP.hosts</name> <value>*</value> <description>The superuser can connect from any host to impersonate a user</description> </property>
- Start WebHCat. See Managing the WebHCat Server.
-
To test if the connection is working, generate a Kerberos ticket with
the
kinit
utility and then run the following command:curl --negotiate -i -u : 'http://<FQDN>:50111/templeton/v1/ddl/database/'