Configure Kerberos Authentication for Sqoop2

As of Sqoop2 1.99.6-1507, you can configure Sqoop2 to use Kerberos authentication. However, the cluster and other components that work with Sqoop2, such as Hue, must also use Kerberos authentication.

  1. Modify the following properties in Sqoop2 configuration file (/opt/mapr/sqoop/sqoop-<version>/server/conf/sqoop.properties).
    org.apache.sqoop.security.authentication.type=KERBEROS
    org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.authentication.KerberosAuthenticationHandler
    org.apache.sqoop.security.authentication.kerberos.principal=mapr/<FQDN>@<REALM>
    org.apache.sqoop.security.authentication.kerberos.keytab=/opt/mapr/conf/mapr.keytab
    org.apache.sqoop.security.authentication.kerberos.http.principal=HTTP/<FQDN>@<REALM>
    org.apache.sqoop.security.authentication.kerberos.http.keytab=/opt/mapr/conf/mapr.keytab
    org.apache.sqoop.security.authentication.enable.doAs=true
    org.apache.sqoop.security.authentication.proxyuser.mapr.users=*
  2. Start Sqoop2 server.
    maprcli node services -name sqoop2 -action start -nodes <space delimited list of nodes>
  3. Using the kinit program, run the following command to generate a ticket:
    kinit HTTP/<FQDN>@<REALM> -kt /opt/mapr/conf/mapr.keytab 
  4. Start the Sqoop2 client.
    sudo -u mapr /opt/mapr/sqoop/sqoop-<version>/bin/sqoop.sh client