MapR 5.1 is at End of Life (EOL) and no longer supported. Please see the latest documentation. This documentation is not being updated.

Home
5.1 Administration
This section contains administration information such as managing your cluster, data, users, jobs and security information such as configuring your security environment and auditing.
Security Guide
Getting Started with MapR Security
Describes the two core scenarios that allow quick implementation of security features.
Enable Impersonation
Enable Impersonation for HBase
Enable Impersonation in the HBase REST Gateway

MapR 5.1 Documentation

5.1 Administration
This section contains administration information such as managing your cluster, data, users, jobs and security information such as configuring your security environment and auditing.
- Administrator Guide
- Security Guide
  - Security Overview
    Describes the security features of the MapR Converged Data Platform.
  - Security Architecture
    Describes the default security architecture and additional authentication and encryption capabilities.
  - Logging into a Secure Cluster
    Describes how to use tickets to access a secure MapR cluster.
  - Tickets and Certificates
    Describes how tickets and certificates authenticate users and servers to a cluster.
  - Getting Started with MapR Security
    Describes the two core scenarios that allow quick implementation of security features.
  - Configuring MapR Security
    Describes how to enable security features and configure the components on a secure cluster.
  - Auditing of Cluster Administration and Operations on Directories, Files, Tables, and Streams
    Describes how to process and use audit records to improve data analysis.

Enable Impersonation in the HBase REST Gateway

About this task

To enable HBase REST Gateway impersonation, configure all HBase servers to allow proxy users, then configure every REST Gateway to enable impersonation.

Procedure

To allow proxy users, add the following to the hbase-site.xml file for every HBase server (masters and region servers):

<property>
    <name>hadoop.security.authorization</name>
    <value>true</value>
</property>
<property>
    <name>hadoop.proxyuser.$USER.groups</name>
    <value>$GROUPS</value>
</property>
<property>
    <name>hadoop.proxyuser.$USER.hosts</name>
    <value>$GROUPS</value>
</property>

Substitute the REST Gateway proxy user for $USER, and the allowed group list for $GROUPS.

To enable REST Gateway impersonation, add the following to the hbase-site.xml file for every REST gateway:

<property>
    <name>hbase.rest.authentication.type</name>
    <value>kerberos</value>
</property>
<property>
    <name>hbase.rest.authentication.kerberos.principal</name>
    <value>HTTP/_HOST@HADOOP.LOCALDOMAIN</value>
</property>
<property>
    <name>hbase.rest.authentication.kerberos.keytab</name>
    <value>$KEYTAB</value>
</property>

Substitute the keytab for HTTP for $KEYTAB.