Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, create a principal for the Hue server:

# kadmin.local
kadmin.local: addprinc -randkey hue/$FQDN@EXAMPLE.COM

Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, generate a keytab for the Hue principal:

kadmin.local: xst -k hue.service.keytab hue/$FQDN@EXAMPLE.COM

Put the hue.service.keytab file on the host where the Hue server is installed, in the directory /etc/security/keytabs.

Set the permissions and ownership of the /etc/security/keytabs/hue.service.keytab file as follows:

chown hue:hadoop /etc/security/keytabs/hue.service.keytab 
chmod 600 /etc/security/keytabs/hue.service.keytab

Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, use kinit to confirm that the /etc/security/keytabs/hue.service.keytab file is accessible to Hue:

su - hue kinit -k -t /etc/security/keytabs/hue.service.keytab hue/$FQDN@EXAMPLE.COM

Where $FQDN is the host name of the Hue server and EXAMPLE.COM is the Hadoop realm, add the following to the [kerberos] section in the /etc/hue/conf/hue.ini configuration file:

[[kerberos]] 
# Path to Hue's Kerberos keytab file
hue_keytab=/etc/security/keytabs/hue.service.keytab 
# Kerberos principal name for Hue 
hue_principal=hue/$FQDN@EXAMPLE.COM

Set the path to kinit, based on the OS.

If you do not know the full path to kinit, you can find it by issuing the command where is kinit.

The following is an example of setting the path to kinit for RHEL/CentOS 6.x:

# Path to kinit 
# For RHEL/CentOS 6.x, kinit_path is /usr/bin/kinit
kinit_path=/usr/kerberos/bin/kinit

Optionally, for faster performance, you can keep Kerberos credentials cached:

ccache_path=/tmp/hue_krb5_ccache

Edit the /etc/hue/conf/hue.ini configuration file and set set security_enabled=true for every component in the configuration file.

Save the /etc/hue/conf/hue.ini configuration file.

Restart Hue:

# /etc/init.d/hue start

Validate the Hue installation.