To enable WebHCat to use Kerberos, complete the following steps on the node where WebHCat is installed.
HTTP/<FQDN@REALM>
for WebHCat and add the principal to the keytab file. For example:
kadmin: addprinc -randkey HTTP/<FQDN@REALM>
kadmin: xst -k /opt/mapr/HTTP.keytab HTTP/<FQDN>/opt/mapr/conf/HTTP.keytab file
and that the file is only readable by the mapr user. For example: chown
mapr /opt/mapr/conf/HTTP.keytabmaprlogin password./opt/mapr/hive/hive-<version>/hcatalog/etc/webhcat/webhcat-site.xml
file:
<property>
<name>templeton.kerberos.secret</name>
<value>secret value</value>
</property>
<property>
<name>templeton.kerberos.principal</name>
<value>HTTP/<FQDN@REALM></value>
</property>
<property>
<name>templeton.kerberos.keytab</name>
<value>/opt/mapr/conf/HTTP.keytab</value>
</property>/opt/mapr/hadoop/hadoop-<version>/etc/hadoop/core-site.xml file:
<property>
<name>hadoop.proxyuser.HTTP.groups</name>
<value>*</value>
<description>Allow the superuser mapr to impersonate any member of any group</description>
</property>
<property>
<name>hadoop.proxyuser.HTTP.hosts</name>
<value>*</value>
<description>The superuser can connect from any host to impersonate a user</description>
</property>kinit utility and then run the following command:
curl --negotiate -i -u : 'http://<FQDN>:50111/templeton/v1/ddl/database/'