Complete the following steps to enable Kerberos security on nodes where you run the httpFS service:
1. Verify that context.xml.jpamLogin Exists
Verify that the following file exists: /
This file may have been renamed to
context.xml to configure PAM authentication for HttpFS. However, to configure Kerberos for HttpFS, rename the file back to
2. Modify the
MapR provides a Kerberos-ready version of the
httpfs-site.xml file called
httpfs-site.xml.kerberos. This file resides in
/opt/mapr/httpfs/httpfs-1.0/etc/hadoop. You must edit this file and specify the kerberos principal name for the nodes where you are running httpFS, restart the httpFS server, and then you can test the set-up. Each step is explained here.
To set up the
httpfs-site.xml file for each node running the httpFS service, follow these steps:
Assign a new name to the existing
httpfs-site.xmlfile (to preserve the original version when the file gets overwritten in step 2).
Copy the kerberos version (
httpfs-site.xml.kerberos) to the existing
httpfs-site.xmlfile and insert the principal name as shown:
Restart the httpFS server so the changes will take effect.
Test that security is in place by entering the following command to create a file in MapR-FS. The command will fail if security is not set up correctly.
Configure the HTTP Header Size (optional)
maxHttpHeaderSize parameter defines the maximum size of the request and response HTTP header, specified in bytes. If it is not specified, this parameter defaults to 8192 (8KB).
When Kerberos security is enabled, you may need to increase this value in the
If you do not increase this value, you may encounter errors of the following form:
HTTP/1.1 400 Bad Request
After making this configuration change, restart the httpFS server.