2.2.4. Configure secure Hue

  1. On the NameNode and all DataNodes host machines, edit the $HADOOP_CONF_DIRcore-site.xml file, to add the following information:

    <property>   
       <name>hue.kerberos.principal.shortname</name>   
       <value>hue</value> 
    </property> 
    <property>   
      <name>hadoop.proxyuser.HTTP.hosts</name>
      <value>*</value> <!--(or internal ip) -->   
      <description>Proxy host for Hadoop.</description> 
    </property> 
    <property>   
      <name>hadoop.proxyuser.HTTP.groups</name>
      <value>*</value> <!--(or users) -->   
      <description>Proxy groups for Hadoop.</description> 
    </property> 

    where $HADOOP_CONF_DIR is the directory for storing the Hadoop configuration files. For example, /etc/hadoop/conf.

  2. Ensure that the following command returns valid Kerberos ticket:

    $klist
  3. Edit /etc/hue/conf/hue.ini file, to add the following information:

    ...
    [[kerberos]]
    
    # Path to Hue's Kerberos keytab file
    hue_keytab=/etc/security/keytabs/hue.service.keytab
    
    # Kerberos principal name for Hue
    hue_principal=hue/$FQDN_HueServer_Host_Machine
    
    # Path to kinit
    # For RHEL/CentOS 5.x, kinit_path is /usr/kerberos/bin/kinit
    # For RHEL/CentOS 6.x, kinit_path is /usr/bin/kinit 
    kinit_path= 
    

    Uncomment all security_enabled settings and set them to true.

    jt_kerberos_principal=jt
    beeswax_server_host=$FQDN_HueServer_Host_Machine


loading table of contents...