For Kerberos-authenticated users or client applications to access Ozone, each
Ozone component requires a Kerberos service principal name and a corresponding
Kerberos keytab file. You must set the corresponding properties in ozone-site.xml.

The following are the properties for the Kerberos service principal and the
keytab file that you must set for the different Ozone components:

Storage Container Manager (SCM) properties

| Property | Description |
| --- | --- |
| hdds.scm.kerberos.principal | The SCM service principal. You can specify this value, for example, in the following format: scm/_HOST@REALM.COM |
| hdds.scm.kerberos.keytab.file | The keytab file that the SCM daemon uses to log in as its service principal. |
| hdds.scm.http.kerberos.principal | The service principal of the SCM HTTP server. |
| hdds.scm.http.kerberos.keytab | The keytab file that the SCM HTTP server uses to log in as its service principal. |

Ozone Manager (OM) properties

| Property | Description |
| --- | --- |
| ozone.om.kerberos.principal | The Ozone Manager service principal. You can specify this value, for example, in the following format: om/_HOST@REALM.COM |
| ozone.om.kerberos.keytab.file | The keytab file that the Ozone Manager daemon uses to log in as its service principal. |
| ozone.om.http.kerberos.principal | The service principal of the Ozone Manager HTTP server. |
| ozone.om.http.kerberos.keytab | The keytab file that the Ozone Manager HTTP server uses to log in as its service principal. |

S3 Gateway properties

| Property | Description |
| --- | --- |
| ozone.s3g.authentication.kerberos.principal | The S3 Gateway principal. You can specify this value, for example, in the following format: HTTP/_HOST@EXAMPLE.COM |
| ozone.s3g.keytab.file | The keytab file used by the S3 Gateway. |
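
One way to check an ozone-site.xml against the tables above, as an added example that is not part of the original page or of Ozone itself: it parses the Hadoop-style configuration XML and reports any principal or keytab property that is unset, and any principal that does not follow the service/host@REALM format of the examples. The sample file, its keytab paths, and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# (label, principal property, keytab property) taken from the tables on this page.
PAIRS = [
    ("SCM", "hdds.scm.kerberos.principal", "hdds.scm.kerberos.keytab.file"),
    ("SCM HTTP", "hdds.scm.http.kerberos.principal", "hdds.scm.http.kerberos.keytab"),
    ("OM", "ozone.om.kerberos.principal", "ozone.om.kerberos.keytab.file"),
    ("OM HTTP", "ozone.om.http.kerberos.principal", "ozone.om.http.kerberos.keytab"),
    ("S3 Gateway", "ozone.s3g.authentication.kerberos.principal", "ozone.s3g.keytab.file"),
]
# Shape of the page's example values, e.g. scm/_HOST@REALM.COM.
PRINCIPAL_RE = re.compile(r"^[^/@\s]+/[^/@\s]+@[^/@\s]+$")

def load_properties(xml_text):
    """Return {name: value} from Hadoop-style <configuration> XML."""
    root = ET.fromstring(xml_text)
    return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def check_kerberos_config(xml_text):
    """Return a list of problems; an empty list means every pair is set."""
    props = load_properties(xml_text)
    problems = []
    for label, principal_key, keytab_key in PAIRS:
        principal = props.get(principal_key, "")
        if not principal:
            problems.append(f"{label}: {principal_key} is not set")
        elif not PRINCIPAL_RE.match(principal):
            problems.append(f"{label}: {principal_key} is not in service/host@REALM form")
        if not props.get(keytab_key, ""):
            problems.append(f"{label}: {keytab_key} is not set")
    return problems

# Constructed sample (made-up keytab paths): the OM daemon keytab is missing
# and the S3 Gateway principal has no realm.
SAMPLE = """<configuration>
<property><name>hdds.scm.kerberos.principal</name><value>scm/_HOST@REALM.COM</value></property>
<property><name>hdds.scm.kerberos.keytab.file</name><value>/etc/security/keytabs/scm.keytab</value></property>
<property><name>hdds.scm.http.kerberos.principal</name><value>HTTP/_HOST@REALM.COM</value></property>
<property><name>hdds.scm.http.kerberos.keytab</name><value>/etc/security/keytabs/HTTP.keytab</value></property>
<property><name>ozone.om.kerberos.principal</name><value>om/_HOST@REALM.COM</value></property>
<property><name>ozone.om.http.kerberos.principal</name><value>HTTP/_HOST@REALM.COM</value></property>
<property><name>ozone.om.http.kerberos.keytab</name><value>/etc/security/keytabs/HTTP.keytab</value></property>
<property><name>ozone.s3g.authentication.kerberos.principal</name><value>HTTP/_HOST</value></property>
<property><name>ozone.s3g.keytab.file</name><value>/etc/security/keytabs/HTTP.keytab</value></property>
</configuration>"""

if __name__ == "__main__":
    print("\n".join(check_kerberos_config(SAMPLE)))
```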