Step 4: Modify the httpfs-site.xml File

MapR provides a Kerberos-ready version of the httpfs-site.xml file called httpfs-site.xml.kerberos. This file resides in /opt/mapr/httpfs/httpfs-1.0/etc/hadoop. You must edit this file and specify the kerberos principal name for the nodes where you are running httpFS, restart the httpFS server, and then you can test the set-up. Each step is explained here.

To set up the httpfs-site.xml file for each node running the httpFS service, follow these steps:

  1. Assign a new name to the existing httpfs-site.xml file (to preserve the original version when the file gets overwritten in step 2).
    cp /opt/mapr/httpfs/httpfs-1.0/etc/hadoop httpfs-site.xml httpfs-site.xml.original
  2. Copy the kerberos version (httpfs-site.xml.kerberos) to the existing httpfs-site.xml file.
    cp /opt/mapr/httpfs/httpfs-1.0/etc/hadoop httpfs-site.xml.kerberos httpfs-site.xml
  3. Edit the httpfs-site.xml file and insert the principal name as shown, substituting your fully qualified domain name and realm for
  4. Restart the httpFS server so the changes will take effect.
    sudo -u mapr /opt/mapr/httpfs/httpfs-1.0/sbin/ stop
    sudo -u mapr /opt/mapr/httpfs/httpfs-1.0/sbin/ start
  5. Test that security is in place by entering the following command to create a file in MapR-FS. The command will fail if security is not set up correctly.
    curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt -i -X PUT