Kerberos principal and keytab properties for Ozone service daemons
For Kerberos-authenticated users or client applications to access Ozone, each of
the Ozone components requires a Kerberos service principal name and a corresponding Kerberos
keytab file. You must set the corresponding properties in ozone-site.xml.
Storage Container Manager (SCM) properties
Property | Description |
---|---|
hdds.scm.kerberos.principal | The SCM service principal. You can specify this value, for example, in the following format: scm/_HOST@REALM.COM |
hdds.scm.kerberos.keytab.file | The keytab file that the SCM daemon uses to log in as its service principal. |
hdds.scm.http.kerberos.principal | The service principal of the SCM HTTP server. |
hdds.scm.http.kerberos.keytab | The keytab file that the SCM HTTP server uses to log in as its service principal. |
Ozone Manager (OM) properties
Property | Description |
---|---|
ozone.om.kerberos.principal | The Ozone Manager service principal. You can specify this value, for example, in the following format: om/_HOST@REALM.COM |
ozone.om.kerberos.keytab.file | The keytab file that the Ozone Manager daemon uses to log in as its service principal. |
ozone.om.http.kerberos.principal | The service principal of the Ozone Manager HTTP server. |
ozone.om.http.kerberos.keytab | The keytab file that the Ozone Manager HTTP server uses to log in as its service principal. |
S3 Gateway properties
Property | Description |
---|---|
ozone.s3g.authentication.kerberos.principal | The S3 Gateway principal. You can specify this value, for example, in the following format: HTTP/_HOST@EXAMPLE.COM |
ozone.s3g.keytab.file | The keytab file used by the S3 Gateway. |
Recon properties
Property | Description |
---|---|
ozone.recon.authentication.kerberos.principal | The service principal for the Recon HTTP server. |
ozone.recon.http.kerberos.keytab.file | The keytab file used by the Recon HTTP server to log on as the service principal. |