Configure Sentry to use Kerberos Authentication
You can configure Sentry to run in a secure cluster that uses Kerberos authentication.
About this task
IMPORTANT This component is deprecated. Hewlett Packard
Enterprise recommends using an alternate product. For more information, see Discontinued Ecosystem Components.
The
same settings are valid for both the file-based and database storage modes.Procedure
-
Configure the following properties in the
/opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml
file:<property> <name>sentry.service.security.mode</name> <value>kerberos</value> <description>Options: kerberos, other, none. Authentication mode for Sentry service.</description> </property> <property> <name>sentry.hive.testing.mode</name> <value>false</value> </property>
-
Add the following properties to
/opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml
:<property> <name>sentry.service.server.principal</name> <value>mapr/<FQDN@REALM></value> </property> <property> <name>sentry.service.server.keytab</name> <value>/opt/mapr/conf/mapr.keytab</value> </property> <property> <name>sentry.service.allow.connect</name> <value>mapr,hive,impala</value> </property>
-
Before starting Sentry, use the kinit tool:
kinit -kt /opt/mapr/conf/mapr.keytab -p mapr/<CLUSTER_NAME@REALM>
Example
kinit -kt /opt/mapr/conf/mapr.keytab -p mapr/my.cluster.com@NODE1