Configure Kerberos for HBase REST Gateway

  1. Add the following to the hbase-site.xml file for every REST Gateway:
    <property>
        <name>hbase.rest.keytab.file</name>
        <value>$KEYTAB</value>
    </property>
    <property>
        <name>hbase.rest.kerberos.principal</name>
        <value>$USER/_HOST@HADOOP.LOCALDOMAIN</value>
    </property>

    Substitute the appropriate credential and keytab for $USER and $KEYTAB respectively.

    The REST Gateway will authenticate with HBase using the supplied credential.

  2. To enable REST Gateway Kerberos authentication for client access, add the following to the hbase-site.xml file for every REST Gateway:
    <property>
        <name>hbase.rest.authentication.type</name>
        <value>kerberos</value>
    </property>
    <property>
        <name>hbase.rest.authentication.kerberos.principal</name>
        <value>HTTP/_HOST@HADOOP.LOCALDOMAIN</value>
    </property>
    <property>
        <name>hbase.rest.authentication.kerberos.keytab</name>
        <value>$KEYTAB</value>
    </property>
    <!-- Add these if you need to configure a different DNS interface from the default -->
    <property>
        <name>hbase.rest.dns.interface</name>
        <value>default</value>
    </property>
    <property>
        <name>hbase.rest.dns.nameserver</name>
        <value>default</value>
    </property>

    Substitute the keytab for HTTP for $KEYTAB.