Configure Kerberos Authentication for Sqoop2

About this task

As of Sqoop2 1.99.6-1507, you can configure Sqoop2 to use Kerberos authentication. However, the cluster and other components that work with Sqoop2, such as Hue, must also use Kerberos authentication.

Procedure

  1. Modify the following properties in Sqoop2 configuration file (/opt/mapr/sqoop/sqoop-<version>/server/conf/sqoop.properties). 
    org.apache.sqoop.security.authentication.type=KERBEROS
org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.authentication.KerberosAuthenticationHandler
org.apache.sqoop.security.authentication.kerberos.principal=mapr/<FQDN>@<REALM>
org.apache.sqoop.security.authentication.kerberos.keytab=/opt/mapr/conf/mapr.keytab
org.apache.sqoop.security.authentication.kerberos.http.principal=HTTP/<FQDN>@<REALM>
org.apache.sqoop.security.authentication.kerberos.http.keytab=/opt/mapr/conf/mapr.keytab
org.apache.sqoop.security.authentication.enable.doAs=true
org.apache.sqoop.security.authentication.proxyuser.mapr.users=*
  2. Start Sqoop2 server. 
    maprcli node services -name sqoop2 -action start -nodes <space delimited list of nodes>
  3. Using the kinit program, run the following command to generate a ticket: 
    kinit HTTP/<FQDN>@<REALM> -kt /opt/mapr/conf/mapr.keytab
  4. Start the Sqoop2 client. 
    sudo -u mapr /opt/mapr/sqoop/sqoop-<version>/bin/sqoop.sh client