I want to restrict resource manager UI for all users except admin, I have applied SPNEGO protocol to achieve same but with that Resource manager UI is restricted to admin as well, and apart from RM UI RM JMX also getting restricted and RM logs as well.
Here is implementation detail :
I have done on all nodes in the cluster :
dd if=/dev/urandom of=/etc/security/http_secret bs=1024 count=1
chown hdfs:hadoop /etc/security/http_secret
chmod 440 /etc/security/http_secret
These properties has to be added to HDFS -> configs -> advance core-site
hadoop.http.authentication.simple.anonymous.allowed : false
hadoop.http.authentication.signature.secret.file : /etc/security/http_secret
hadoop.http.authentication.type : kerberos
hadoop.http.authentication.kerberos.keytab : /etc/security/keytabs/spnego.service.keytab hadoop.http.authentication.kerberos.principal : principal name
hadoop.http.filter.initializers : org.apache.hadoop.security.AuthenticationFilterInitializer
hadoop.http.authentication.cookie.domain : namenode [FQDN]
I only want too restrict RM UI for all ambari users except admin.