Support Questions
Find answers, ask questions, and share your expertise

Re: Secure Webhdfs in Hadoop Hortonworks Cluster

New Contributor
  1. Set the value of the dfs.webhdfs.enabled property in hdfs-site.xml to true.
    <property>
      <name>dfs.webhdfs.enabled</name>
      <value>true</value> 
    </property>
  2. Create an HTTP service user principal.
    kadmin: addprinc -randkey HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM
    where:
    • Fully_Qualified_Domain_Name: Host where the NameNode is deployed.
    • Realm_Name: Name of your Kerberos realm.
  3. Create a keytab file for the HTTP principal.
    kadmin: xst -norandkey -k /etc/security/spnego.service.keytab HTTP/$<Fully_Qualified_Domain_Name>
  4. Verify that the keytab file and the principal are associated with the correct service.
    klist –k -t /etc/security/spnego.service.keytab
  5. Add the dfs.web.authentication.kerberos.principal and dfs.web.authentication.kerberos.keytab properties to hdfs-site.xml.
    <property>
      <name>dfs.web.authentication.kerberos.principal</name>
      <value>HTTP/$<Fully_Qualified_Domain_Name>@$<Realm_Name>.COM</value>
    </property>
    <property>
      <name>dfs.web.authentication.kerberos.keytab</name>
      <value>/etc/security/spnego.service.keytab</value>
    </property>
  6. Restart the NameNode and the DataNodes.