2.3.1. core-site.xml

To the core-site.xml file on every host in your cluster, you must add the following information:

 

Table 13.3. core-site.xml

Property Name

Property Value

Description

hadoop.security.authentication

kerberos

Set the authentication type for the cluster. Valid values are: simple or kerberos.

hadoop.rpc.protection

authentication; integrity; privacy

This is an [OPTIONAL] setting. If not set, defaults to authentication.

authentication = authentication only; the client and server mutually authenticate during connection setup.

integrity = authentication and integrity; guarantees the integrity of data exchanged between client and server as well as authentication.

privacy = authentication, integrity, and confidentiality; guarantees that data exchanged between client and server is encrypted and is not readable by a “man in the middle”.

hadoop.security.authorization

true

Enable authorization for different protocols.

hadoop.security.auth_to_local

The mapping rules. For example:

RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/
RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/
RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/$HBASE_USER/
RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/$HBASE_USER/
DEFAULT

The mapping from Kerberos principal names to local OS user names. See Creating Mappings Between Principals and OS Service Usernames for more information.

hadoop.proxyuser.hive.groups

$HIVE_USER

Allows the Hive superuser to impersonate any member of the group users. This is required only when installing Hive on the cluster.

hadoop.proxyuser.hive.hosts

$HIVE_USER_Hostname_FQDN

The name of the host from which the Hive superuser can connect. This is required only when installing Hive on the cluster.

hadoop.proxyuser.oozie.groups

$OOZIE_USER

Allows the Oozie superuser to impersonate any member of the group users. This is required only when installing Oozie on the cluster.

hadoop.proxyuser.oozie.hosts

$OOZIE_USER_Hostname_FQDN

The name of the host from which the Oozie superuser can connect. This is required only when installing Oozie on the cluster.

hadoop.proxyuser.HTTP.groups

users

Allows the HTTP superuser to impersonate any member of the group users.

hadoop.proxyuser.HTTP.hosts

WebHCat_Hostname_FQDN

The name of the host from which the HTTP superuser can connect.

hadoop.proxyuser.hcat.groups

users

Allow the superuser hcat to impersonate any members of the group users. This is required only when installing webhcat on the cluster.

hadoop.proxyuser.hcat.hosts

Webhcat_Hostname_FQDN

Hostname from where superuser hcat can connect. This is required only when installing webhcat on the cluster.
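The hadoop.security.auth_to_local rules from the table can be traced with a small Python model of the rule evaluation. This is an added example, not code from Hadoop or from the original documentation. It assumes the account names mapred, hdfs and hbase in place of $MAPRED_USER, $HDFS_USER and $HBASE_USER, a default realm of EXAMPLE.COM, and treats the sed replacement as literal text.

```python
import re

# Rules from the table; mapred/hdfs/hbase are assumed values for the
# $MAPRED_USER, $HDFS_USER and $HBASE_USER placeholders.
PAGE_RULES = """
RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/hbase/
RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/hbase/
DEFAULT
"""
# Constructed variant: same rules pinned to exactly one realm, dot escaped.
TIGHT_RULES = PAGE_RULES.replace(".*EXAMPLE.COM", r"EXAMPLE\.COM")

# RULE:[n:format](match-regex)s/from/to/  (regex and sed parts are optional)
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*?)\))?(?:s/(.*?)/(.*?)/(g?))?")

def parse_rules(text):
    rules = []
    for line in text.split():
        m = RULE_RE.fullmatch(line)
        if line != "DEFAULT" and not m:
            raise ValueError(f"unsupported rule: {line}")
        rules.append(None if line == "DEFAULT" else m.groups())
    return rules

def map_principal(principal, rules, default_realm="EXAMPLE.COM"):
    """Return the local user name for a principal, or None if no rule applies."""
    name, _, realm = principal.partition("@")
    params = [realm] + name.split("/")        # $0 = realm, $1.. = name components
    for rule in rules:                        # first rule that applies wins
        if rule is None:                      # DEFAULT: first component, default realm only
            if realm == default_realm:
                return params[1]
            continue
        n, fmt, match, frm, to, repeat = rule
        if len(params) - 1 != int(n):         # rule is for n-component principals
            continue
        base = re.sub(r"\$(\d)", lambda m: params[int(m.group(1))], fmt)
        if match and not re.fullmatch(match, base):   # whole name must match
            continue
        if frm is None:
            return base
        return re.sub(frm, lambda m: to, base, count=0 if repeat else 1)
    return None

if __name__ == "__main__":
    for p in ("nn/host1.example.com@EXAMPLE.COM", "alice@EXAMPLE.COM",
              "nn/host1@DEV.EXAMPLE.COM"):    # constructed principals
        print(p, "->", map_principal(p, parse_rules(PAGE_RULES)))
```

With the rules as written, nn/host1@DEV.EXAMPLE.COM also maps to hdfs because of the `.*` in front of the realm; under TIGHT_RULES it is left unmapped.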

The XML for the entries in Table 13.3:

<property>
  <name>hadoop.security.authentication</name>
  <value>kerberos</value>
  <description>Set the authentication for the cluster. Valid values are: simple or
  kerberos.
  </description>
</property>

<property>
  <name>hadoop.security.authorization</name>
  <value>true</value>
  <description>Enable authorization for different protocols.
  </description>
</property>

<property>
  <name>hadoop.security.auth_to_local</name>
  <value>
    RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/
    RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/
    RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/$HBASE_USER/
    RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/$HBASE_USER/
    DEFAULT</value>
  <description>The mapping from kerberos principal names
  to local OS user names.</description>
</property>

<property>
  <name>hadoop.proxyuser.hive.groups</name>
  <value>users</value>
  <description>
     Allow the superuser hive to impersonate any members of the group users. This
     is required only when installing hive on the cluster.
  </description>
</property>

<property>
  <name>hadoop.proxyuser.hive.hosts</name>
  <value>Hive_Hostname_FQDN</value>
  <description>
     Hostname from where superuser hive can connect. This
     is required only when installing hive on the cluster.
  </description>
</property>

<property>
  <name>hadoop.proxyuser.oozie.groups</name>
  <value>users</value>
  <description>
     Allow the superuser oozie to impersonate any members of the group users. This
     is required only when installing oozie on the cluster.
  </description>
</property>

<property>
  <name>hadoop.proxyuser.oozie.hosts</name>
  <value>Oozie_Hostname_FQDN</value>
  <description>
     Hostname from where superuser oozie can connect. This
     is required only when installing oozie on the cluster.
  </description>
</property>

<property>
  <name>hadoop.proxyuser.HTTP.groups</name>
  <value>users</value>
  <description>
     Allow the superuser HTTP to impersonate any members of the group users.
  </description>
</property>

<property>
  <name>hadoop.proxyuser.HTTP.hosts</name>
  <value>Webhcat_Hostname_FQDN</value>
  <description>
     Hostname from where superuser HTTP can connect.
  </description>
</property>

<property>
  <name>hadoop.proxyuser.hcat.groups</name>
  <value>users</value>
  <description>
     Allow the superuser hcat to impersonate any members of the group users. This
     is required only when installing webhcat on the cluster.
  </description>
</property>

<property>
  <name>hadoop.proxyuser.hcat.hosts</name>
  <value>Webhcat_Hostname_FQDN</value>
  <description>
     Hostname from where superuser hcat can connect. This
     is required only when installing webhcat on the cluster.
  </description>
</property>
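
A deployed core-site.xml can be checked against the settings above before the cluster is restarted. The following Python audit is an added example, not part of the original documentation. The sample file is constructed, the `<configuration>` root element and the `*` wildcard for proxyuser values are assumptions not shown on this page, and hadoop.rpc.protection is treated as a single value as the table describes it.

```python
import xml.etree.ElementTree as ET

RPC_LEVELS = ("authentication", "integrity", "privacy")

# Constructed sample: placeholder left in, one wildcard, one duplicate entry,
# and no hadoop.rpc.protection (so the default, authentication, applies).
SAMPLE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>hadoop.proxyuser.hive.groups</name><value>users</value></property>
  <property><name>hadoop.proxyuser.hive.hosts</name><value>Hive_Hostname_FQDN</value></property>
  <property><name>hadoop.proxyuser.oozie.hosts</name><value>*</value></property>
  <property><name>hadoop.proxyuser.hcat.hosts</name><value>gw1.example.com</value></property>
  <property><name>hadoop.proxyuser.hcat.hosts</name><value>gw1.example.com</value></property>
</configuration>"""

def load_properties(xml_text):
    """Return ({name: value}, [names defined more than once])."""
    props, dupes = {}, []
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name in props:
            dupes.append(name)
        props[name] = (prop.findtext("value") or "").strip()  # keep the last one seen
    return props, dupes

def audit(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    props, dupes = load_properties(xml_text)
    findings = [f"duplicate property: {n}" for n in dupes]
    if props.get("hadoop.security.authentication", "simple") != "kerberos":
        findings.append("hadoop.security.authentication is not kerberos")
    if props.get("hadoop.security.authorization", "false") != "true":
        findings.append("hadoop.security.authorization is not true")
    rpc = props.get("hadoop.rpc.protection", "authentication")
    if rpc not in RPC_LEVELS:
        findings.append(f"hadoop.rpc.protection is not one of {RPC_LEVELS}: {rpc}")
    elif rpc != "privacy":
        findings.append(f"hadoop.rpc.protection={rpc}: RPC payloads are not encrypted")
    for name, value in props.items():
        if not name.startswith("hadoop.proxyuser."):
            continue
        if value == "*":                      # any host / any group may be impersonated
            findings.append(f"{name} is a wildcard")
        elif value.startswith("$") or value.endswith("_FQDN"):
            findings.append(f"{name} still holds the template placeholder {value}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```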
