Support Questions
Find answers, ask questions, and share your expertise

Re: Secure Webhdfs in Hadoop Hortonworks Cluster

New Contributor
  1. Set the value of the dfs.webhdfs.enabled property in hdfs-site.xml to true.
  2. Create an HTTP service user principal.
    kadmin: addprinc -randkey HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM
    • Fully_Qualified_Domain_Name: Host where the NameNode is deployed.
    • Realm_Name: Name of your Kerberos realm.
  3. Create a keytab file for the HTTP principal.
    kadmin: xst -norandkey -k /etc/security/spnego.service.keytab HTTP/$<Fully_Qualified_Domain_Name>
  4. Verify that the keytab file and the principal are associated with the correct service.
    klist –k -t /etc/security/spnego.service.keytab
  5. Add the dfs.web.authentication.kerberos.principal and dfs.web.authentication.kerberos.keytab properties to hdfs-site.xml.
  6. Restart the NameNode and the DataNodes.