Security Reference
Also available as:
PDF
loading table of contents...

Optional: Configure Client-Side Operation for Secure Operation- Thrift Gateway

How to configure a client side operation for secure operations (Thrift Gateway) when setting up Kerberos for non-Ambari clusters.

Add the following to the $HBASE_CONF_DIR/hbase-site.xml file for every Thrift gateway:
<property>
      <name>hbase.thrift.keytab.file</name>
      <value>/etc/hbase/conf/hbase.keytab</value>
    </property>
    <property>
      <name>hbase.thrift.kerberos.principal</name>
      <value>$USER/_HOST@HADOOP.LOCALDOMAIN</value>
    </property>

Substitute the appropriate credential and keytab for $USER and $KEYTAB respectively.

The Thrift gateway will authenticate with HBase using the supplied credential. No authentication will be performed by the Thrift gateway itself. All client access via the Thrift gateway will use the Thrift gateway's credential and have its privilege.