Configure Sentry to use Kerberos Authentication
You can configure Sentry to run in a secure cluster that uses Kerberos authentication.
About this task
Procedure
-
Configure the following properties in sentry-site.xml file
(/opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml):
<property> <name>sentry.service.security.mode</name> <value>kerberos</value> <description>Options: kerberos, other, none. Authentication mode for Sentry service.</description> </property> <property> <name>sentry.hive.testing.mode</name> <value>false</value> </property>
-
Add the following properties in sentry-site.xml
(/opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml):
property> <name>sentry.service.server.principal</name> <value>mapr/<FQDN@REALM></value> </property> <property> <name>sentry.service.server.keytab</name> <value>/opt/mapr/conf/mapr.keytab</value></property> <property> <name>sentry.service.allow.connect</name> <value>mapr,hive,impala</value> </property>