3. Configuring Hue

To enable Hue to work with a HDP cluster configured for Kerberos, make the following changes to Hue and Kerberos.

  1. Configure Kerberos as described in Setting Up Security for Manual Installs.

  2. Create a principal for the Hue Server.

    addprinc -randkey hue/$FQDN@EXAMPLE.COM

    where $FQDN is the hostname of the Hue Server and EXAMPLE.COM is the Hadoop realm.

  3. Generate a keytab for the Hue principal.

    xst -k hue.service.keytab hue/$FQDN@EXAMPLE.COM

  4. Place the keytab file on the Hue Server. Set the permissions and ownership of the keytab file.

    /etc/security/keytabs/hue.service.keytab 
    chown hue:hadoop /etc/security/keytabs/hue.service.keytab 
    chmod 600 /etc/security/keytabs/hue.service.keytab 
  5. Confirm the keytab is accessible by testing kinit.

    su - hue kinit -k -t /etc/security/keytabs/hue.service.keytab hue/$FQDN@EXAMPLE.COM

  6. Add the following to the [kerberos] section in the /etc/hue/conf/hue.ini configuration file.

    [[kerberos]] 
    # Path to Hue's Kerberos keytab file
    hue_keytab=/etc/security/keytabs/hue.service.keytab 
    # Kerberos principal name for Hue 
    hue_principal=hue/$FQDN@EXAMPLE.COM
  7. Set the path to the kinit based on the OS.

    # Path to kinit 
    # For RHEL/CentOS 5.x, kinit_path is /usr/kerberos/bin/kinit 
    # For RHEL/CentOS 6.x, kinit_path is /usr/bin/kinit
    kinit_path=/usr/kerberos/bin/kinit 
  8. Set security_enabled=true for every component in hue.ini.

    [[hdfs_clusters]], [[yarn_clusters]], [[liboozie]], [[hcatalog]]

  9. Save the hue.ini file.

  10. Restart Hue:

    # /etc/init.d/hue start


loading table of contents...