Configuring for Secure Clusters

There are two sets of configuration properties required to secure the Atlas server: service identify properties and HTTP authentication properties.

Set the service identify properties.
The following properties designate the authentication mechanism leveraged by the server to establish its identity:
atlas.authentication.method = simple|kerberos
atlas.authentication.principal = atlas/_HOST (required if the method selected is "kerberos")
atlas.authentication.keytab = <path to keytab file containing defined principal>
Set the HTTP Authentication properties.
The properties for configuring the Atlas server HTTP authentication mechanism are:
atlas.http.authentication.enabled = true|false
atlas.http.authentication.type = simple|kerberos
atlas.http.authentication.kerberos.principal = HTTP/_HOST (required for Kerberos authentication type)
atlas.http.authentication.kerberos.keytab = <path to SPNEGO keytab> (required for Kerberos authentication type)

Configure the Hive post execution hook by manually adding the following properties to hive-site.xml:

<property>
      <name>atlas.cluster.name</name>
      <value>NAME-OF-CLUSTER</value>
    </property>

    <property>
      <name>atlas.rest.address</name>
      <value>http://ATLAS-FQDN:21000</value>
    </property>

Add the Atlas hook to list of any existing Hive post execution hooks. For example:

<property>
      <name>hive.exec.post.hooks</name>
      <value>org.apache.hadoop.hive.ql.hooks.ATSHook, org.apache.atlas.hive.hook.HiveHook</value>
    </property>

​Configuring for Secure Clusters

Configuring for Secure Clusters