To enable Hue to work with a HDP cluster configured for Kerberos, make the following changes to Hue and Kerberos.
Configure Kerberos as described in Setting Up Security for Manual Installs.
Create a principal for the Hue Server.
addprinc -randkey hue/$FQDN@EXAMPLE.COM
where $FQDN is the hostname of the Hue Server and EXAMPLE.COM is the Hadoop realm.
Generate a keytab for the Hue principal.
xst -k hue.service.keytab hue/$FQDN@EXAMPLE.COM
Place the keytab file on the Hue Server. Set the permissions and ownership of the keytab file.
/etc/security/keytabs/hue.service.keytab chown hue:hadoop /etc/security/keytabs/hue.service.keytab chmod 600 /etc/security/keytabs/hue.service.keytab
Confirm the keytab is accessible by testing kinit.
su - hue kinit -k -t /etc/security/keytabs/hue.service.keytab hue/$FQDN@EXAMPLE.COM
Add the following to the [kerberos] section in the /etc/hue/conf/hue.ini configuration file.
[[kerberos]] # Path to Hue's Kerberos keytab file hue_keytab=/etc/security/keytabs/hue.service.keytab # Kerberos principal name for Hue hue_principal=hue/$FQDN@EXAMPLE.COM
Set the path to the kinit based on the OS.
# Path to kinit # For RHEL/CentOS 5.x, kinit_path is /usr/kerberos/bin/kinit # For RHEL/CentOS 6.x, kinit_path is /usr/bin/kinit kinit_path=/usr/kerberos/bin/kinit
Set security_enabled=true for every component in hue.ini.
[[hdfs_clusters]], [[yarn_clusters]], [[liboozie]], [[hcatalog]]
Save the hue.ini file.
Restart Hue:
# /etc/init.d/hue start