You must configure cross realm support for Kerberos, ZooKeeper, and Hadoop to
configure secure HBase replication.
There must be at least one common encryption mode between the two realms.
Create krbtgt principals for the two realms.
For example, if you have two realms called EXAMPLE.com and
COMPANY.TEST, you need to add the following principelas:
krbtgt/EXAMPLE.COM@COMPANY.TEST and
krbtgt/COMPANY.TEST@EXAMPLE.COM
Add a system level property in java.env, defined in the
conf directory.
The following example rule illustrates how to add support for the realm called
EXAMPLE.COM and have two members in the principal (such as
service/instance@EXAMPLE.COM):
This
example adds support for the EXAMPLE.COM realm
in a different realm. So, in the case of replication, you must add a rule
for the primary cluster realm in the replica cluster realm.
DEFAULT is for defining the default
rule
Add rules for creating short names in the Hadoop processes:
Add the hadoop.security.auth_to_local property in the
core-site.xml file in the replica cluster.
For example to add support for the EXAMPLE.COM
realm: