Step 3: Modify the httpfs-site.xml File

A Kerberos-ready version of the httpfs-site.xml file called httpfs-site.xml.kerberos is provided in /opt/mapr/httpfs/httpfs-1.0/etc/hadoop. Edit this file and specify the Kerberos principal name for the nodes running HttpFS, restart the HttpFS server, and then test the set-up. Each step is explained here.

To set up the httpfs-site.xml file for each node running the HttpFS service, follow these steps:

  1. Assign a new name to the existing httpfs-site.xml file (to preserve the original version when the file gets overwritten in step 2).
    cp /opt/mapr/httpfs/httpfs-1.0/etc/hadoop httpfs-site.xml httpfs-site.xml.original
  2. Copy the kerberos version (httpfs-site.xml.kerberos) to the existing httpfs-site.xml file.
    cp /opt/mapr/httpfs/httpfs-1.0/etc/hadoop httpfs-site.xml.kerberos httpfs-site.xml
  3. Edit the httpfs-site.xml file and insert the principal name as shown, substituting your fully qualified domain name and realm for
  4. Restart the HttpFS server so the changes will take effect.
    maprcli node services -name httpfs -action restart -nodes <node_name>
  5. Test that security is in place by entering the following command to create a file in MapR file system. The command will fail if security is not set up correctly.
    curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt -i -X PUT