Configure WebHCat to use Kerberos Authentication

To enable WebHCat to use Kerberos, complete the following steps on the node where WebHCat is installed.

  1. Add the following section to the /opt/mapr/hive/hive-<version>/hcatalog/etc/webhcat/webhcat-site.xml file:
    <property>
        <name>templeton.kerberos.secret</name>
        <value>secret value</value>
    </property>
    <property>
        <name>templeton.kerberos.principal</name>
        <value>HTTP/<FQDN@REALM></value>
    </property>
    <property>
        <name>templeton.kerberos.keytab</name>
        <value>/opt/mapr/conf/HTTP.keytab</value>
    </property>
  2. Add the following section to the /opt/mapr/hadoop/hadoop-<version>/conf/core-site.xml file:
    <property>
          <name>hadoop.proxyuser.HTTP.groups</name>
          <value>*</value>
          <description>Allow the superuser mapr to impersonate any member of any group</description>
    </property>
    <property>
          <name>hadoop.proxyuser.HTTP.hosts</name>
          <value>*</value>
          <description>The superuser can connect from any host to impersonate a user</description>
    </property>
  3. Start WebHCat. See Managing the WebHCat Server.
  4. To test if the connection is working, generate a Kerberos ticket with the kinit utility and then run the following command:
    curl --negotiate -i -u : 'http://<FQDN>:50111/templeton/v1/ddl/database/'