You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-dev@hadoop.apache.org by Grant Langlois <gr...@gmail.com> on 2018/02/12 23:58:15 UTC

HDFS Federation and HTTP Kerberos Properties

Hello,

While implementing a secure HDFS setup with federation, I was reviewing the
NameNode properties which are allowed to be set on a per nameservice basis.
Omitted from those properties were the
dfs.web.authentication.kerberos.principal and
dfs.web.authentication.kerberos.keytab properties.

Is there a technical reason that these are to be common across all
NameNodes or is it just that this hasn't been a requested feature yet? In
our case we're using federation to achieve isolation, so I feel it would
make sense to want to separate the kerberos credentials on a per NameNode
basis for the HTTP server as well.

Kind Regards,

Grant