Create a Kerberos Principal and a keytab File for Hue and Enable Kerberos Tickets for YARN

NOTE: Skip this task if you are not using YARN.

Creating a Kerberos Principal

Set up the Kerberos principal and keytab file as shown Create a Kerberos Principal and a keytab File for JobTracker.

Using Kerberos Tickets for Hue

Using the keytab and principal you created in the previous step, complete the following steps:

  1. Extract the Kerberos ticket from the keytab file.
  2. Optionally, enable the Kerberos ticket renewer.

Extracting the Kerberos Ticket from the keytab File

To extract the ticket from the keytab file, run the following command (substitute your host and realm for perfnode181.perf.lab@dev-maprtech):

kinit -k -t /opt/mapr/conf/mapr.keytab -c /tmp/hue_krb5_ccache mapr/perfnode181.perf.lab@dev-maprtech

This command extracts the ticket from mapr.keytab and copies it to the path to the Kerberos ticket file used by Hue.

Enabling the Kerberos Ticket Renewer

Kerberos tickets have a default expiration time of 7 days. If you plan to use the Hue Kerberos ticket renewer in your cluster, enable this functionality by making changes to these two files:

  • kdc.conf (add the max_renewable_life parameter)
  • krb5.conf (add the renew_lifetime parameter)