Finally, administrators must add the following lines to the storm.yaml configuration file to enable authentication with Kerberos:
storm.thrift.transport: "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin" java.security.auth.login.config: "/path/to/jaas.conf" nimbus.authorizer: "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer" storm.principal.tolocal: "backtype.storm.security.auth.KerberosPrincipalToLocal" storm.zookeeper.superACL: "sasl:storm" nimbus.admins: - "storm" nimbus.supervisor.users: - "storm" nimbus.childopts: "-Xmx1024m -Djavax.net.debug=ssl -Dsun.security.krb5.debug=true -Djava.security.auth.login.config=/vagrant/storm_jaas.conf -Djava.security.krb5.realm=HOST1.COM -Djava.security.krb5.kdc=kdc.host1.com" ui.childopts: "-Xmx768m -Djavax.net.debug=ssl -Dsun.security.krb5.debug=true -Djava.security.auth.login.config=/vagrant/storm_jaas.conf -Djava.security.krb5.realm=HOST1.COM -Djava.security.krb5.kdc=kdc.host1.com" supervisor.childopts: "-Xmx256m -Djavax.net.debug=ssl -Dsun.security.krb5.debug=true -Djava.security.auth.login.config=/vagrant/storm_jaas.conf -Djava.security.krb5.realm=HOST1.COM -Djava.security.krb5.kdc=kdc.host1.com" ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter" ui.filter.params: "type": "kerberos" "kerberos.principal": "HTTP/nimbus.host1.com" "kerberos.keytab": "/vagrant/keytabs/http.keytab" "kerberos.name.rules": "RULE:[2:$1@$0] ([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/ RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/DEFAULT"
