Hadoop Security Guide
Also available as:
PDF
loading table of contents...

SPNEGO setup for WebHCat

To set up secure WebHCat, set the following properties in the /etc/hcatalog/conf/webhcat-site.xml file:

</property>
    <name>templeton.kerberos.principal</name>
    <value>HTTP/host1234.example.com@EXAMPLE.COM</value>
    <description/>
<property>

The templeton.kerberos.principal property must use the host name of the WebHCat Server.

<property>
    <name>templeton.kerberos.keytab</name>
    <value>/etc/security/keytabs/spnego.service.keytab</value>
    <description/>
</property>
<property>
    <name>templeton.kerberos.secret</name>
    <value>secret</value>
    <description/>
</property>
<property>
    <name>templeton.hive.properties</name>
    <value>hive.metastore.local=false,hive.metastore.uris=thrift://host1234.example.com:9083,
                    hive.metastore.sasl.enabled=true,hive.metastore.execute.setugi=true,
                    hive.exec.mode.local.auto=false,
                    hive.metastore.kerberos.principal=hive/_HOST@EXAMPLE.COM</value>
         <description>Properties to set when running hive.</description>
</property>                   

Be sure to set the templeton.hive.properties property with the host name for your Thrift server.