This operation enables you to configure the authentication mode to access the HDFS service of a namespace.
The Configure Authentication page is displayed.
Set the parameters related to ranger authentication, as shown in.
Parameter |
Description |
|---|---|
Service Name |
Indicates an HDFS service name configured on the Ranger.
NOTE:
|
Ranger URL |
Indicates a Ranger Admin address. |
Interval (ms) |
Indicates a period for obtaining a policy. The default value is 30000 ms.
NOTE:
The value ranges from 1000 ms to 120000 ms. |
Cache Policy |
Indicates whether to clear the local cache when rangerurl can be connected but the corresponding service name cannot be found. By default, Do not use cache is selected. You are advised not to use the cache. |
KeyStore File |
Indicates the keystore file required for SSL communication.
NOTE:
The file needs to be uploaded when SSL is configured for the Ranger service. |
KeyStore Key File |
Indicates the keystore password file.
NOTE:
The file needs to be uploaded when SSL is configured for the Ranger service. |
TrustStore File |
Indicates the truststore file required for SSL communication.
NOTE:
The file needs to be uploaded when SSL is configured for the Ranger service. |
TrustStore Key File |
Indicates the truststore password file.
NOTE:
The file needs to be uploaded when SSL is configured for the Ranger service. |
Security Style |
The security style can be kerberos or simple. Set this parameter based on the security style used by the Ranger client. |
Keytab File |
Indicates the .keytab file generated by the Kerberos user created on the Kerberos service.
NOTE:
If the security style is kerberos, you need to upload the file. |
Principal |
Indicates the principal of the Kerberos user created on the Kerberos service.
NOTE:
If the security style is kerberos, you need to specify the value. |
Parameter |
Description |
|---|---|
Sentry Address |
Address of the Sentry server. The value is the same as the value of sentry.hdfs.service.client.server.rpc-addresses in CDH configuration file hdfs-site.xml. The format is IP address:Port number (optional). Replace the Sentry host name with the actual IP address.
NOTE:
The configuration of multiple Sentry addresses is not supported. If there are multiple Sentry addresses on the CDH computing side, only one Sentry address can be configured. |
Sentry Port |
Port number of the Sentry server. The value is the same as the value of sentry.hdfs.service.client.server.rpc-port in CDH configuration file hdfs-site.xml. |
Security Style |
The security style can be kerberos or simple. Set this parameter based on the security style used by the CDH client. |
Keytab File |
Indicates the .keytab file generated by the Kerberos user created on the Kerberos service.
NOTE:
If the security style is kerberos, you need to upload the file. |
Principal |
Principal of the sentry service. CDH5.14.4 is used as an example. Log in to the CDH management page, choose Administration > Security > Kerberos Credentials, enter sentry in the search box, and obtain the principal part, that is, the value of Principal.
NOTE:
If the security style is kerberos, you need to specify the value. |
Interval (ms) |
Synchronization period of the sentry permission. The unit is ms. The value ranges from 500 to 30000. |
Local Cache Expiration Duration (ms) |
Expiration time of the local cache. It is recommended that the value be greater than the period. The unit is ms. The value ranges from 500 to 120000. |
Path Prefix |
Sentry permission control directory. The default value is /user/hive/warehouse. |
Connected CDH Version |
Possible options are CDH5.16 or later and Earlier than CDH 5.16. |