Optional: Configure client-side operation for secure operation - Thrift Gateway
Add the following to the
file for every Thrift gateway:$HBASE_CONF_DIR
/hbase-site.xml
<property>
<name>hbase.thrift.keytab.file</name>
<value>/etc/hbase/conf/hbase.keytab</value>
</property>
<property>
<name>hbase.thrift.kerberos.principal</name>
<value>$USER
/_HOST@HADOOP.LOCALDOMAIN</value>
</property>
Substitute the appropriate credential and keytab for
$USER
and
$KEYTAB
respectively.
The Thrift gateway will authenticate with HBase using the supplied credential. No authentication will be performed by the Thrift gateway itself. All client access via the Thrift gateway will use the Thrift gateway's credential and have its privilege.