Versions Compared

Old Version 13

changes.mady.by.user Thejas Nair

Saved on

compared with

New Version 14

changes.mady.by.user Thejas Nair

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

Also, set the WebHCat configuration variables templeton.kerberos.principal and templeton.kerberos.keytab.

Proxy User Support

Proxy User Support in WebHCat allows the caller of WebHCat to instruct WebHCat to run commands on the Hadoop cluster as a particular user.

The canonical example is Joe using Hue to submit a MapReduce job through WebHCat. For the following description, assume Joe has the Unix name 'joe', Hue is 'hue' and WebHCat is 'hcat'. If Hue specifies 'doAs=joe' when calling WebHCat, WebHCat submits the MR job as 'joe' so that the Hadoop cluster can perform securitiy checks with respect to 'joe'. If the doAs value is not specified, the MR job will be submitted as user 'hue'.

To set up Proxy User Support, make the following edits in configuration files.

In hive-site.xml, set:

Variable

Value

hive.security.metastore.authorization.manager

org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider

hive.security.metastore.authenticator.manager

org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator

hive.metastore.pre.event.listeners

org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener

hive.metastore.execute.setugi

true

In webhcat-site.xml, set:

Variable

Value

webhcat.proxyuser.hue.groups

A comma-separated list of the Unix groups whose users may be impersonated by 'hue'.

webhcat.proxyuser.hue.hosts

A comma-separated list of the hosts which are allowed to submit requests by 'hue'. In the canonical example, this would be the servers running Hue.

In core-site.xml, make sure the following are also set:

Variable

Value

hadoop.proxyuser.hcat.group

A comma-separated list of the Unix groups whose users may be impersonated by 'hcat'.

hadoop.proxyuser.hcat.hosts

A comma-separated list of the hosts which are allowed to submit requests by 'hcat'.


Panel
titleColorindigo
titleBGColorsilver
titleNavigation Links

Previous: Using WebHCat
Next: Configuration

Hive installation: Installing Hive
HCatalog installation: Installation from Tarball

General: WebHCat ManualHCatalog ManualHive Wiki HomeHive Project Site
Old version of this document (HCatalog 0.5.0): WebHCat Installation