MapR 5.0 Documentation : Configure Sentry to use Kerberos Authentication

You can configure Sentry to run in a secure cluster that uses Kerberos authentication. The same setting are valid for both the file-based and DB storage modes.

  1. Configure the following properties in sentry-site.xml file (/opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml):

    <property>
      <name>sentry.service.security.mode</name>
      <value>kerberos</value>
      <description>Options: kerberos, other, none. Authentication mode for Sentry service.</description>
    </property>
    
    
    <property>
      <name>sentry.hive.testing.mode</name>
       <value>false</value>
    </property>
  2. Add the following properties in sentry-site.xml  (/opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml):

    <property>
      <name>sentry.service.server.principal</name>
      <value>mapr/<FQDN@REALM></value>
    </property>
    
    
    <property>
      <name>sentry.service.server.keytab</name>
      <value>/opt/mapr/conf/mapr.keytab</value>
    </property>
    
    
    <property>
      <name>sentry.service.allow.connect</name>
      <value>mapr,hive,impala</value>
    </property>