Kerberos principal and keytab properties for Ozone service daemons

For the Kerberos-authenticated users or client applications to access Ozone, each of the Ozone components requires a Kerberos service principal name and a corresponding kerberos keytab file. You must set the corresponding in ozone-site.xml.

The following are the properties for the Kerberos service principal and the keytab file that you must set for the different Ozone components:

Storage Container Manager (SCM) properties

Property	Description
`hdds.scm.kerberos.principal`	The SCM service principal. You can specify this value, for example, in the following format: `scm/_HOST@REALM.COM`
`hdds.scm.kerberos.keytab.file`	The keytab file that the SCM daemon uses to log in as its service principal.
`hdds.scm.http.auth.kerberos.principal`	The service principal of the SCM HTTP server.
`hdds.scm.http.auth.kerberos.keytab`	The keytab file that the SCM HTTP server uses to log in as its service principal.

Ozone Manager (OM) properties

Property	Description
`ozone.om.kerberos.principal`	The Ozone Manager service principal. You can specify this value, for example, in the following format: `om/_HOST@REALM.COM`
`ozone.om.kerberos.keytab.file`	The keytab file that the Ozone Manager daemon uses to log in as its service principal.
`ozone.om.http.auth.kerberos.principal`	The service principal of the Ozone Manager HTTP server.
`ozone.om.http.auth.kerberos.keytab`	The keytab file that the Ozone Manager HTTP server uses to log in as its service principal.

S3 Gateway properties

Property	Description
`ozone.s3g.kerberos.principal`	The S3 Gateway principal. You can specify this value, for example, in the following format: `s3g/_HOST@REALM.COM`
`ozone.s3g.kerberos.keytab.file`	The keytab file used by S3Gateway daemon to login as its service principal. The principal name is configured with ozone.s3g.kerberos.principal.
`ozone.s3g.http.auth.kerberos.principal`	The server principal used by Ozone S3 Gateway server. This is typically set to HTTP/_HOST@REALM.TLD The SPNEGO server principal begins with the prefix HTTP/ by convention.
`ozone.s3g.http.auth.kerberos.keytab`	The keytab file used by the S3 Gateway server to login as its service principal.

Recon properties

Property	Description
`ozone.recon.kerberos.principal`	The Recon web user service principal. You can specify this value, for example, in the following format: `recon/_HOST@REALM.COM`
`ozone.recon.kerberos.keytab.file`	The keytab file used by the Recon web user.
`ozone.recon.http.auth.kerberos.principal`	The server principal used by Ozone Recon server. This is typically set to HTTP/_HOST@REALM.TLD The SPNEGO server principal begins with the prefix HTTP/ by convention.
`ozone.recon.http.auth.kerberos.keytab`	The keytab file for HTTP Kerberos authentication in Recon.