As of Sqoop2 1.99.6-1507, you can configure Sqoop2 to use Kerberos authentication. However, the cluster and other components that work with Sqoop2, such as Hue, must also use Kerberos authentication.
Note the following items when you complete the configuration steps:
- Replace <FQDN> with the FQDN of the server. To determine this value, run “hostname -f” in the command line.
- Replace <REALM> with the realm name in krb5.conf file which is generated when you install the KDC server on the cluster.
Configuring Kerberos Authentication for Sqoop2:
kadminprogram, run the following commands to create principals for Sqoop 2:
Kerberos uses the principal HTTP/<FQDN>@<REALM> for communication between Sqoop2 client and Sqoop2 server. The principal mapr/<FQDN>@<REALM> is the Sqoop2 user that communicates between Sqoop2 server and MapR-FS.
kadminprogram, run the following commands to create keytabs for the principals:
Modify the following properties in Sqoop2 configuration file (/opt/mapr/sqoop/sqoop-<version>/server/conf/sqoop.properties).
Start Sqoop2 server.
kinitprogram, run the following command to generate a ticket:
Start the Sqoop2 client.