Configure Sentry to use Kerberos Authentication

You can configure Sentry to run in a secure cluster that uses Kerberos authentication.

About this task

The same setting are valid for both the file-based and DB storage modes.

Procedure

  1. Configure the following properties in sentry-site.xml file (/opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml):
    <property>  
    <name>sentry.service.security.mode</name>  
    <value>kerberos</value>  
    <description>Options: kerberos, other, none. Authentication mode for Sentry service.</description>
    </property>  
    
    <property>
    <name>sentry.hive.testing.mode</name>   
    <value>false</value>
    </property>
  2. Add the following properties in sentry-site.xml (/opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml):
    property>  
    <name>sentry.service.server.principal</name>  
    <value>mapr/<FQDN@REALM></value>
    </property>  
    
    <property>  
    <name>sentry.service.server.keytab</name>  
    <value>/opt/mapr/conf/mapr.keytab</value></property>  
    
    <property>  
    <name>sentry.service.allow.connect</name>  
    <value>mapr,hive,impala</value>
    </property>